6 RackSwitch G8000: Application Guide
Part 2: Securing the Switch . . . . . . . . . . . . . . . . . . . 53
Chapter 4. Securing Administration . . . . . . . . . . . . . . . . 55
Secure Shell and Secure Copy . . . . . . . . . . . . . . . . . . . 55
Configuring SSH/SCP Features on the Switch . . . . . . . . . . . 56
Configuring the SCP Administrator Password . . . . . . . . . . . 56
Using SSH and SCP Client Commands . . . . . . . . . . . . . . 56
SSH and SCP Encryption of Management Messages . . . . . . . . 58
Generating RSA Host Key for SSH Access . . . . . . . . . . . . 58
SSH/SCP Integration with Radius Authentication . . . . . . . . . . 59
SSH/SCP Integration with TACACS+ Authentication . . . . . . . . . 59
SecurID Support . . . . . . . . . . . . . . . . . . . . . . . 59
End User Access Control . . . . . . . . . . . . . . . . . . . . . 60
Considerations for Configuring End User Accounts . . . . . . . . . 60
Strong Passwords . . . . . . . . . . . . . . . . . . . . . . 60
User Access Control . . . . . . . . . . . . . . . . . . . . . 61
Listing Current Users . . . . . . . . . . . . . . . . . . . . . 61
Logging into an End User Account . . . . . . . . . . . . . . . . 62
Chapter 5. Authentication & Authorization Protocols . . . . . . . . . 63
RADIUS Authentication and Authorization . . . . . . . . . . . . . . 63
How RADIUS Authentication Works . . . . . . . . . . . . . . . 63
Configuring RADIUS on the Switch . . . . . . . . . . . . . . . 64
RADIUS Authentication Features in IBM N/OS . . . . . . . . . . . 64
Switch User Accounts . . . . . . . . . . . . . . . . . . . . . 65
RADIUS Attributes for IBM N/OS User Privileges . . . . . . . . . . 65
TACACS+ Authentication . . . . . . . . . . . . . . . . . . . . . 66
How TACACS+ Authentication Works . . . . . . . . . . . . . . 66
TACACS+ Authentication Features in IBM N/OS . . . . . . . . . . 67
Command Authorization and Logging . . . . . . . . . . . . . . . 68
Configuring TACACS+ Authentication on the Switch . . . . . . . . . 68
LDAP Authentication and Authorization . . . . . . . . . . . . . . . 69
Chapter 6. 802.1X Port-Based Network Access Control . . . . . . . . 71
Extensible Authentication Protocol over LAN . . . . . . . . . . . . . 72
EAPoL Authentication Process . . . . . . . . . . . . . . . . . . . 73
EAPoL Message Exchange . . . . . . . . . . . . . . . . . . . . 73
EAPoL Port States . . . . . . . . . . . . . . . . . . . . . . . 75
Guest VLAN . . . . . . . . . . . . . . . . . . . . . . . . . . 75
Supported RADIUS Attributes . . . . . . . . . . . . . . . . . . . 76
EAPoL Configuration Guidelines . . . . . . . . . . . . . . . . . . 78