Security Measures
Instruction Manual - NXA-ENET8-POE+
Command Usage
If a remote authentication server is used, you must specify the message exchange parameters for the remote
authentication protocol. Both local and remote login authentication control management access via the console port, web
browser, or Telnet.
RADIUS and TACACS+ login authentication assign a specific privilege level for each user name/password pair. The user
name, password, and privilege level must be configured on the authentication server. The encryption methods used for the
authentication process must also be configured or negotiated between the authentication server and login client. This
switch can pass authentication messages between the server and client that have been encrypted using MD5
(Message-Digest 5), TLS (Transport Layer Security), or TTLS (Tunneled Transport Layer Security).
The following table lists the options on this page:
Security - AAA (Server) Options
Configure Server
RADIUS
• Global - Provides globally applicable RADIUS settings.
• Server Index - Specifies one of five RADIUS servers that may be configured. The switch
attempts authentication using the listed sequence of servers. The process ends when a server
either approves or denies access to a user.
• Server IP Address - Address of authentication server. (A Server Index entry must be selected to
display this item.)
• Accounting Server UDP Port - Network (UDP) port on authentication server used for accounting
messages. (Range: 1-65535; Default: 1813)
• Authentication Server UDP Port - Network (UDP) port on authentication server used for
authentication messages. (Range: 1-65535; Default: 1812)
• Authentication Timeout - The number of seconds the switch waits for a reply from the RADIUS
server before it resends the request. (Range: 1-65535; Default: 5)
• Authentication Retries - Number of times the switch tries to authenticate logon access via the
authentication server. (Range: 1-30; Default: 2)
• Set Key - Mark this box to set or modify the encryption key.
• Authentication Key - Encryption key used to authenticate logon access for client. Enclose any
string containing blank spaces in double quotes. (Maximum length: 48 characters)
• Confirm Authentication Key - Re-type the string entered in the previous field to ensure no errors
were made. The switch will not change the encryption key if these two fields do not match.
TACACS+
• Global - Provides globally applicable TACACS+ settings.
• Server Index - Specifies the index number of the server to be configured. The switch currently
supports only one server.
• Server IP Address - Address of the server. (A Server Index entry must be selected to
display this item.)
• Authentication Server TCP Port - Network (TCP) port of the TACACS+ server used for
authentication messages. (Range: 1-65535; Default: 49)
• Authentication Timeout - The number of seconds the switch waits for a reply from the
server before it resends the request. (Range: 1-65535; Default: 5)
• Authentication Retries - Number of times the switch tries to authenticate logon access via the
authentication server. (Range: 1-30; Default: 2)
• Set Key - Mark this box to set or modify the encryption key.
• Authentication Key - Encryption key used to authenticate logon access for client. Enclose any
string containing blank spaces in double quotes. (Maximum length: 48 characters)
• Confirm Authentication Key - Re-type the string entered in the previous field to ensure no errors
were made. The switch will not change the encryption key if these two fields do not match.
Configure Group
• Server Type - Select RADIUS or TACACS+ server.
• Group Name - Defines a name for the RADIUS or TACACS+ server group. (Range: 1-64 characters)
• Sequence at Priority - Specifies the server and sequence to use for the group. (Range: 1-5 for
RADIUS; 1 for TACACS)
When specifying the priority sequence for a server, the server index must already be defined (see