User's Manual

Chapter 6: Configuring Security
You can restrict management access to this switch using the following options:
User Accounts – Manually configure access rights on the switch for specified users.
Authentication Settings – Use remote authentication to configure access rights.
HTTPS Settings – Provide a secure web connection.
SSH Settings – Provide a secure shell (for secure Telnet access).
Port Security – Configure secure addresses for individual ports.
802.1x – Use IEEE 802.1x port authentication to control access to specific ports.
Access Control Lists – Provide packet filtering for IP frames.
IP Filter – Filter management access to the web, SNMP or Telnet interface.
6.1 Configuring User Accounts
The guest only has read access for most configuration parameters. The administrator has write access for
all parameters governing the onboard agent. You should assign a new administrator password, and store it
in a safe place.
The default guest name is “guest” with the password “guest.” The default administrator name is “admin” with
the password “admin.”
Configuring the Switch Using the CLI
Assign a user name to access-level 15 (for example, an administrator), then specify the password.
Console(config)#username james access-level 15
Console(config)#username james password 0 smith
Console(config)#
6.2 Configuring Local/Remote Logon Authentication
Use the Authentication Settings menu to restrict management access based on specified user names and
passwords. You can manually configure access rights on the switch, or you can use a remote access
authentication server based on RADIUS or TACACS+ protocols.
Remote Authentication Dial-in User Service (RADIUS) and Terminal Access Controller Access Control
System Plus (TACACS+) are logon authentication protocols that use software running on a central server to
control access to RADIUS-aware or TACACS-aware devices on the network. An authentication server
contains a database of multiple user name/password pairs with associated privilege levels for each user that
requires management access to the switch.
RADIUS uses UDP while TACACS+ uses TCP. UDP only offers best effort delivery, while TCP offers a
connection-oriented transport. Also, note that RADIUS encrypts only the password in the access-request
packet from the client to the server, while TACACS+ encrypts the entire body of the packet.
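The following Python script is an added example, not code from the manual or the switch vendor, that builds the two credential-carrying requests the paragraph above compares: a RADIUS Access-Request whose User-Password attribute is hidden per RFC 2865 section 5.2, and a TACACS+ authentication START packet whose whole body is obfuscated per RFC 8907 section 4.5. The shared secret, Request Authenticator, session id and the user name "james" / password "smith" are constructed sample values; a real switch would generate a fresh random authenticator and session id for each request.

```python
"""RADIUS User-Password hiding (RFC 2865 s5.2) next to TACACS+ body obfuscation
(RFC 8907 s4.5): shows how much of each request a passive observer can read.
Added example; not the switch vendor's code."""
import hashlib
import struct

# Constructed sample values (a real NAS uses a fresh random authenticator / session id per request).
SHARED_SECRET = b"constructed-shared-secret"
REQUEST_AUTHENTICATOR = bytes(range(16))   # 16-byte RADIUS Request Authenticator
TACACS_SESSION_ID = 0x1234ABCD             # 32-bit TACACS+ session_id
TACACS_VERSION = 0xC0                      # major version 0xC, minor version 0


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def radius_hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Hide only the User-Password attribute: c_i = p_i XOR MD5(secret + c_{i-1}), c_0 = authenticator."""
    if len(authenticator) != 16:
        raise ValueError("Request Authenticator must be 16 bytes")
    if not 1 <= len(password) <= 128:
        raise ValueError("RADIUS password length must be 1..128 bytes")
    padded = password + b"\x00" * (-len(password) % 16)   # NUL-pad to a multiple of 16
    prev, out = authenticator, b""
    for i in range(0, len(padded), 16):
        block = _xor(padded[i:i + 16], hashlib.md5(secret + prev).digest())
        out += block
        prev = block
    return out


def radius_reveal_password(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Inverse of radius_hide_password; trailing NUL padding is stripped."""
    if not hidden or len(hidden) % 16:
        raise ValueError("hidden value must be a non-empty multiple of 16 bytes")
    prev, out = authenticator, b""
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        out += _xor(block, hashlib.md5(secret + prev).digest())
        prev = block
    return out.rstrip(b"\x00")


def radius_access_request_attributes(username: bytes, hidden_password: bytes) -> bytes:
    """Type-1 User-Name and type-2 User-Password TLVs exactly as they appear on the wire."""
    return (bytes([1, 2 + len(username)]) + username
            + bytes([2, 2 + len(hidden_password)]) + hidden_password)


def tacacs_pseudo_pad(session_id: int, key: bytes, version: int, seq_no: int, length: int) -> bytes:
    """MD5_1 = MD5(session_id, key, version, seq_no); MD5_n = MD5(same, MD5_{n-1}); concatenate, truncate."""
    head = struct.pack("!I", session_id) + key + bytes([version, seq_no])
    pad, prev = b"", b""
    while len(pad) < length:
        prev = hashlib.md5(head + prev).digest()
        pad += prev
    return pad[:length]


def tacacs_obfuscate_body(body: bytes, session_id: int, key: bytes, version: int, seq_no: int) -> bytes:
    """XOR the entire packet body with the pseudo-pad; calling it again on the result reverses it."""
    return _xor(body, tacacs_pseudo_pad(session_id, key, version, seq_no, len(body)))


def tacacs_authen_start_body(user: bytes, port: bytes = b"tty0", rem_addr: bytes = b"",
                             data: bytes = b"") -> bytes:
    """PAP authentication START body (RFC 8907 s5.1): action=LOGIN(1), priv_lvl=0,
    authen_type=PAP(2), authen_service=LOGIN(1); for PAP the data field carries the password."""
    return (bytes([1, 0, 2, 1, len(user), len(port), len(rem_addr), len(data)])
            + user + port + rem_addr + data)


def exposure_on_wire(username: bytes, password: bytes) -> dict:
    """Report whether the user name and password are readable in each protocol's request bytes."""
    hidden = radius_hide_password(password, SHARED_SECRET, REQUEST_AUTHENTICATOR)
    radius_wire = radius_access_request_attributes(username, hidden)
    tacacs_wire = tacacs_obfuscate_body(tacacs_authen_start_body(username, data=password),
                                        TACACS_SESSION_ID, SHARED_SECRET, TACACS_VERSION, 1)
    return {
        "radius_username_visible": username in radius_wire,
        "radius_password_visible": password in radius_wire,
        "tacacs_username_visible": username in tacacs_wire,
        "tacacs_password_visible": password in tacacs_wire,
    }


if __name__ == "__main__":
    for name, visible in exposure_on_wire(b"james", b"smith").items():
        print(f"{name}: {visible}")
```

Running the script shows the user name (and every other attribute) in cleartext in the RADIUS request with only the password hidden, while nothing in the TACACS+ body is readable without the key. Both mechanisms are MD5-keyed XOR obfuscation rather than authenticated encryption, and RFC 8907 itself calls the TACACS+ scheme obfuscation and recommends carrying it over a protected channel, so the practical mitigation on either protocol is a long random shared secret and an isolated management network between the switch and the authentication server.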