- Enterasys Ethernet Switches Reference Manual

ManualsBrandsEnterasys Networks ManualsSwitchEnterasys D2 D2G124-12

421

422

423

424

425

426

427

428

429

430

D-Series CLI Reference 15-1

Security Configuration

ThischapterdescribestheSecurity Conf ig urationsetofcommandsandhowtousethem.

Overview of Security Methods

Thefollowingsecuritymethodsareavailableforcontrollingwhichusersareallowe dtoaccess,

monitor,andmanagethe switch.

•Loginuseraccountsandpasswords–usedtologintotheCLIviaaTelnetconnectionorlocal

COMportconnection.Fordetails,referto“SettingUserAccountsandPasswords”

on

page 2 ‐2.

•HostAccessControlAuthentication(HACA)–a uthenti catesuseraccessofTelnet

management,consolelocalmanagementandWebViewviaacentralRADIUSClient/Server

application.WhenRADIUSisenabled,thisessentiallyoverridesloginuseraccounts.When

HACAisactiveperavalidRADIUSconfiguration,theusernamesandpasswordsused

to

accesstheswitchviaTelnet,SSH,WebView,andCOMportswillbevalidatedagainstthe

configuredRADIUSserver.OnlyinthecaseofaRADIUStimeoutwillthosecredentialsbe

comparedagainstcredentialslocallyconfiguredontheswitch.

Fordetails,referto

“ConfiguringRADIUS”onpage 15‐3.

•SNMPuserorcommunitynames–allowsaccesstotheD‐SeriesswitchviaanetworkSNMP

managementapplication.Toaccesstheswitch,youmustenteranSNMPuserorcommunity

namestring.Thelevelofmanagementaccessisdependenton

theassociatedaccesspolicy.For

details,refertoChapter 5.

• 802.1XPortBasedNetworkAccessControlusingEAPOL(ExtensibleAuthentication

Protocol)–providesamechanismviaaRADIUSserverforadministratorstosecurely

authenticateandgrantappropriateaccesstoenduserdevicescommunicatingwithD‐Series

For information about... Refer to page...

Overview of Security Methods 15-1

Configuring RADIUS 15-3

Configuring 802.1X Authentication 15-9

Configuring MAC Authentication 15-19

Configuring Multiple Authentication Methods 15-30

Configuring VLAN Authorization (RFC 3580) 15-41

Configuring MAC Locking 15-46

Configuring Port Web Authentication (PWA) 15-57

Configuring Secure Shell (SSH) 15-68