Security Menu Screens
9.3 OVERVIEW OF SECURITY METHODS
Two security methods are available to control which users are allowed access to the switch’s host
to configure the switch parameters and monitor its operation.
• Switch Local Management Application Password – allows two levels of SNMP local management access via serial console or telnet (read-write and read-only) using the Console Login Configuration screen described in Section 6.5. The two levels of remote SNMP management access are set using the SNMP Community Names Configuration screen described in Section 6.4.1.
• Host Access Control Authentication (HACA) – authenticates user access of Telnet management, console local management and WebView via a central Radius Client/Server application using the Port Authentication Configuration screen described in Section 9.5. For an overview of HACA and a description of how to set the switch to access policy using the Security Configuration screen, refer to Section 9.3.1 and Section 11.18.
9.3.1 Host Access Control Authentication (HACA)
To use HACA, the embedded Radius Client on the switch must be configured to communicate with
the Radius Server, and the Radius Server must be configured with the password information. The
Enterasys implementation uses Funk Software Steel-Belted Radius server software. This software
provides the ability to centralize the Authentication, Authorization, and Accounting (AAA) of the
network resources. For a description of the protocol, refer to RFC 2865 (Radius Authentication).
Radius Accounting is not supported on the Matrix E5.
Each switch has its own Radius Client, which can be configured using the Security Configuration
screen described in Section 9.4.
The IP address of the Radius Server (and, if available, the secondary server IP address) and
shared secret text string must be configured on the Radius Client. The client uses the
Password Authentication Protocol (PAP) to communicate the user name and encrypted password
to the Radius Server.
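Added example (not part of the Enterasys manual): how RFC 2865, section 5.2, hides the PAP password using the shared secret and the 16-octet Request Authenticator, with the client and server sides in Python. The function names, secret, password and authenticator values are constructed for illustration.

```python
import hashlib

MAX_PW = 128  # RFC 2865 limit on User-Password length, in octets


def _pad(password: bytes) -> bytes:
    """Null-pad to a multiple of 16 octets (at least one block)."""
    if len(password) > MAX_PW:
        raise ValueError("User-Password is limited to 128 octets")
    blocks = max(1, -(-len(password) // 16))
    return password.ljust(blocks * 16, b"\x00")


def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Radius Client side: build the User-Password attribute value."""
    if len(authenticator) != 16:
        raise ValueError("Request Authenticator must be 16 octets")
    padded, out, prev = _pad(password), b"", authenticator
    for i in range(0, len(padded), 16):
        # Keystream block = MD5(shared secret + previous ciphertext block)
        key = hashlib.md5(secret + prev).digest()
        prev = bytes(p ^ k for p, k in zip(padded[i:i + 16], key))
        out += prev
    return out


def recover_password(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Radius Server side: reverse the hiding with the same shared secret."""
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        key = hashlib.md5(secret + prev).digest()
        block = hidden[i:i + 16]
        out += bytes(c ^ k for c, k in zip(block, key))
        prev = block
    return out.rstrip(b"\x00")


if __name__ == "__main__":
    secret = b"constructed-shared-secret"   # constructed sample value
    authenticator = bytes(range(16))        # constructed; random per request in practice
    hidden = hide_password(b"constructed-user-pw", secret, authenticator)
    print(hidden.hex())
    print(recover_password(hidden, secret, authenticator))
```

The password is protected only by the shared secret, so the secret configured on the Radius Client and Radius Server should be long and random.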
On the Radius Server, each user is configured with the following:
• name
• password
• access level
The access level can be set to one of the following levels for each user name:
• read-write
• read-only
Contents: Matrix E6 5G102-06-G
Page 1: MATRIX E5 Series Modules 5H1xx and 5G1xx Local Management User's Guide 9033583 02