Administrator Guide

45 Security
  AAA Accounting
    Configuration Task List for AAA Accounting
    RADIUS Accounting
  AAA Authentication
    Configuration Task List for AAA Authentication
  Obscuring Passwords and Keys
  AAA Authorization
    Privilege Levels Overview
    Configuration Task List for Privilege Levels
  RADIUS
    RADIUS Authentication
    Configuration Task List for RADIUS
    Support for Change of Authorization and Disconnect Messages packets
  TACACS+
    Configuration Task List for TACACS+
    TACACS+ Remote Authentication
    Command Authorization
  Protection from TCP Tiny and Overlapping Fragment Attacks
  Enabling SCP and SSH
    Using SCP with SSH to Copy a Software Image
    Removing the RSA Host Keys and Zeroizing Storage
    Configuring When to Re-generate an SSH Key
    Configuring the SSH Server Key Exchange Algorithm
    Configuring the HMAC Algorithm for the SSH Server
    Configuring the HMAC Algorithm for the SSH Client
    Configuring the SSH Server Cipher List
    Configuring the SSH Client Cipher List
    Configuring DNS in the SSH Server
    Secure Shell Authentication
    Troubleshooting SSH
  Telnet
  VTY Line and Access-Class Configuration
    VTY Line Local Authentication and Authorization
    VTY Line Remote Authentication and Authorization
    VTY MAC-SA Filter Support
  Role-Based Access Control
    Overview of RBAC
    User Roles
    AAA Authentication and Authorization for Roles
    Role Accounting
    Display Information About User Roles
  Two Factor Authentication (2FA)
    Handling Access-Challenge Message
    Configuring Challenge Response Authentication for SSHv2
    SMS-OTP Mechanism
  Configuring the System to Drop Certain ICMP Reply Messages
  SSH Lockout Settings
  Dell EMC Networking OS Security Hardening