User guide
Authenticated Switch Access Managing Switch Security
page 8-4 OmniSwitch AOS Release 7 Switch Management Guide March 2015
Authenticated Switch Access
Authenticated Switch Access (ASA) is a way of authenticating users who want to manage the switch. With
authenticated access, all switch login attempts require authentication via the local user database or via a
third-party server.
This section describes how to configure management interfaces for authenticated access as well as how to
specify external servers that the switch can poll for login information. The type of server may be an
authentication-only mechanism or an authentication, authorization, and accounting (AAA) mechanism.
AAA Servers—RADIUS or LDAP
AAA servers are able to provide authorization for switch management users as well as authentication (they
also may be used for accounting). The AAA servers supported on the switch are Remote Authentication
Dial-In User Service (RADIUS) or Lightweight Directory Access Protocol (LDAP) servers. User login
information and user privileges may be stored on the servers.
Privileges are used for network administrator accounts. Instead of user privileges an end-user profile may
be associated with a user for customer login accounts. User information configured on an external server
may include a profile name attribute. The switch will attempt to match the profile name to a profile stored
locally on the switch.
The following illustration shows the two different user types attempting to authenticate with a AAA
server:
For more information about types of users, see Chapter 7, “Managing Switch User Accounts.”
LDAP or RADIUS
Server
AAA Server (LDAP or RADIUS)
OmniSwitch
login request
The switch polls the server
and receives login and privi-
lege information about the
user.
Network Administrator