OS6860(E)_AOS_8.1.1.R01_Switch_Management_Guide


Managing Switch Security

Authenticated Switch Access

Authenticated Switch Access (ASA) is a way of authenticating users who want to manage the switch. With authenticated access, all switch login attempts require authentication via the local user database or via a third-party server.

This section describes how to configure management interfaces for authenticated access as well as how to specify external servers that the switch can poll for login information. The type of server may be an authentication-only mechanism or an authentication, authorization, and accounting (AAA) mechanism.

AAA Servers—RADIUS or LDAP

AAA servers are able to provide authorization for switch management users as well as authentication (they also may be used for accounting). The AAA servers supported on the switch are Remote Authentication Dial-In User Service (RADIUS) or Lightweight Directory Access Protocol (LDAP) servers. User login information and user privileges may be stored on the servers.

Privileges are used for network administrator accounts. For customer login accounts, an end-user profile may be associated with a user instead of user privileges. User information configured on an external server may include a profile name attribute. The switch will attempt to match the profile name to a profile stored locally on the switch; the profile must therefore exist on the switch for the server-supplied name to take effect.

The following illustration shows the two different user types attempting to authenticate with an AAA server:

[Figure: a Network Administrator sends a login request to the OmniSwitch. The switch polls the AAA server (LDAP or RADIUS) and receives login and privilege information about the user.]

For more information about types of users, see Chapter 6, “Managing Switch User Accounts.”

Interaction With the User Database

By default, switch management users may be authenticated through the console port via the local user database. If external servers are configured for other management interfaces (such as Telnet or HTTP), but the servers become unavailable, the switch will poll the local user database for login information.

Access to the console port provides secure failover in case of misconfiguration or if external authentication servers become unavailable. The admin user is always authorized through the console port via the local database (provided the correct password is supplied), even if access to the console port is disabled. Physical access to the console port therefore amounts to administrative access to the switch, so the local admin password and physical access to the port must be protected accordingly.
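The login decision described in the "AAA Servers" and "Interaction With the User Database" paragraphs above, written out as a runnable model. This is an added example, not OmniSwitch code: the switch's real implementation, its password storage and its server protocol handling are not shown on this page. The AAA server stand-ins, the PBKDF2 local database, and all user names, passwords, profile names and interface names are constructed for the example. One point the model makes explicit as an assumption: only an unavailable server (no answer) triggers the fallback to the local database; an explicit reject from a reachable server is final.

```python
"""Model of Authenticated Switch Access (ASA) login decisions (illustrative, not switch code)."""
from dataclasses import dataclass
from enum import Enum
from typing import Dict, FrozenSet, List, Optional
import hashlib
import hmac
import os


class Verdict(Enum):
    ACCEPT = "accept"
    REJECT = "reject"            # server answered and denied the login
    UNAVAILABLE = "unavailable"  # server gave no answer (down or unreachable)


@dataclass
class Reply:
    verdict: Verdict
    privileges: FrozenSet[str] = frozenset()  # administrator privileges (from server or local DB)
    profile: Optional[str] = None             # end-user profile name attribute, if any


class AAAServer:
    """Constructed stand-in for a RADIUS or LDAP server; `up=False` models an unreachable server."""

    def __init__(self, name: str, records: Dict[str, dict], up: bool = True):
        self.name, self.records, self.up = name, records, up

    def authenticate(self, user: str, password: str) -> Reply:
        if not self.up:
            return Reply(Verdict.UNAVAILABLE)
        rec = self.records.get(user)
        if rec is None or not hmac.compare_digest(rec["password"].encode(), password.encode()):
            return Reply(Verdict.REJECT)
        return Reply(Verdict.ACCEPT, frozenset(rec.get("privileges", ())), rec.get("profile"))


class LocalUserDB:
    """Local user database; salted PBKDF2 storage is this example's choice, not documented switch behaviour."""

    def __init__(self):
        self.users: Dict[str, dict] = {}

    @staticmethod
    def _hash(password: str, salt: bytes) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 50_000)

    def add(self, user: str, password: str, privileges=(), profile: Optional[str] = None) -> None:
        salt = os.urandom(16)
        self.users[user] = {"salt": salt, "digest": self._hash(password, salt),
                            "privileges": frozenset(privileges), "profile": profile}

    def authenticate(self, user: str, password: str) -> Reply:
        rec = self.users.get(user)
        if rec is None:
            self._hash(password, b"\0" * 16)  # same cost for unknown users (no user enumeration by timing)
            return Reply(Verdict.REJECT)
        if not hmac.compare_digest(self._hash(password, rec["salt"]), rec["digest"]):
            return Reply(Verdict.REJECT)
        return Reply(Verdict.ACCEPT, rec["privileges"], rec["profile"])


class Switch:
    def __init__(self, local_db: LocalUserDB, local_profiles, auth_servers: Dict[str, List[AAAServer]],
                 console_enabled: bool = True):
        self.local_db = local_db
        self.local_profiles = set(local_profiles)   # end-user profiles configured on the switch
        self.auth_servers = auth_servers            # management interface -> ordered external servers
        self.console_enabled = console_enabled

    def login(self, interface: str, user: str, password: str) -> dict:
        if interface == "console":
            # admin is always checked against the local DB on the console, even if console access is disabled
            if user == "admin":
                return self._decide(self.local_db.authenticate(user, password), "local")
            if not self.console_enabled:
                return {"ok": False, "source": None, "reason": "console access disabled"}
        # Poll configured servers in order; fall back to the local DB only if all were unavailable.
        # ASSUMPTION: an explicit REJECT is final and does not fall through to the local DB.
        for srv in self.auth_servers.get(interface, []):
            reply = srv.authenticate(user, password)
            if reply.verdict is not Verdict.UNAVAILABLE:
                return self._decide(reply, srv.name)
        return self._decide(self.local_db.authenticate(user, password), "local")

    def _decide(self, reply: Reply, source: str) -> dict:
        if reply.verdict is not Verdict.ACCEPT:
            return {"ok": False, "source": source, "reason": "rejected"}
        result = {"ok": True, "source": source, "privileges": sorted(reply.privileges), "profile": None}
        # A server-supplied profile name only takes effect if it matches a locally configured profile.
        if reply.profile is not None and reply.profile in self.local_profiles:
            result["profile"] = reply.profile
        return result


def demo() -> Dict[str, dict]:
    """Constructed scenario: RADIUS server rad1 is up, LDAP server ldap1 is down, console access is disabled."""
    radius = AAAServer("rad1", {
        "netadmin": {"password": "R4dius!", "privileges": ("system", "aaa")},
        "guest7": {"password": "gu3st", "profile": "customer_profile"},
        "badprof": {"password": "x", "profile": "no-such-profile"},
    })
    ldap_down = AAAServer("ldap1", {}, up=False)
    local = LocalUserDB()
    local.add("admin", "sw1tch-console", privileges=("all",))
    local.add("oper", "l0cal-op", privileges=("system",))
    sw = Switch(local, {"customer_profile"},
                {"ssh": [radius], "telnet": [ldap_down], "http": [ldap_down, radius]},
                console_enabled=False)
    return {
        "ssh_admin_via_radius": sw.login("ssh", "netadmin", "R4dius!"),
        "ssh_reject_no_fallback": sw.login("ssh", "oper", "l0cal-op"),    # rad1 rejects; local DB not consulted
        "telnet_fallback_local": sw.login("telnet", "oper", "l0cal-op"),  # ldap1 down -> local DB
        "http_second_server": sw.login("http", "guest7", "gu3st"),        # ldap1 skipped, rad1 accepts
        "http_unknown_profile": sw.login("http", "badprof", "x"),         # profile not on switch
        "console_admin_disabled_port": sw.login("console", "admin", "sw1tch-console"),
        "console_oper_disabled_port": sw.login("console", "oper", "l0cal-op"),
        "console_admin_wrong_pw": sw.login("console", "admin", "wrong"),
    }


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

The scenario worth checking against a real deployment is `ssh_reject_no_fallback`: a user present only in the local database cannot log in over SSH while the RADIUS server is reachable, which is the intended fail-closed behaviour, whereas `telnet_fallback_local` succeeds only because the configured server gave no answer at all.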

page 7-4 OmniSwitch AOS Release 8 Switch Management Guide May 2014
