User's Guide

XSR User's Guide
Chapter 13: Configuring Security on the XSR
- Create ACLs to direct services to appropriate servers only
- Enable packet filtering and attack prevention mechanisms
- Allow only packets with valid source addresses to exit the network
- If using SNMP, use strong community names and set read-only access
- Minimize console logging to limit unnecessary CPU cycles
- Use OSPF rather than RIP to take advantage of MD5 authentication
- Control which router interfaces can be used to manage the XSR
- Use an SNTP server on the DMZ to synchronize XSR clocks
- Use syslog to send messages to a designated syslog server

AAA Services
The XSR provides Authentication, Authorization and Accounting (AAA)
services to validate and display data for AAA usergroups, users, and methods.
For Telnet/Console and SSH users, two authentication mechanisms are
available, as follows:
- CLI database authentication - This is the authentication mode used for Telnet/Console and SSH users by default. Users are authenticated against the CLI database created by the username command. This mechanism does not provide for RADIUS authentication.
- AAA user database authentication - This mechanism allows Telnet/Console and SSH users to use the AAA module which provides further authentication by various AAA methods including RADIUS. The aaa client telnet command switches all Telnet/Console users to authenticate via the AAA user database. The aaa client ssh command switches all SSH users to authenticate via the AAA user database.

A few restrictions apply when switching Telnet/Console and SSH users to
authenticate via this mechanism, as follows:
- No pre-existing privilege-15 admin user exists in the AAA database. Before switching over to AAA for Telnet or SSH, at least one privilege 15 user with a Telnet/SSH policy must exist in the AAA database.
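
As an added illustration of the restriction above (not taken from the XSR guide), the following Python pre-flight check reads a saved configuration and reports whether a privilege 15 AAA user with the matching policy exists before aaa client telnet or aaa client ssh is entered. The stanza layout (aaa user / privilege / policy), the sample users, matching the policy per service, and treating a missing privilege line as 0 are assumptions made for this example.

```python
import re

# Constructed sample, not from the guide. The "aaa user" stanza layout with
# "privilege" and "policy" sub-lines is an assumed syntax for illustration.
SAMPLE_CONFIG = """\
aaa user admin
 privilege 15
 policy ssh
!
aaa user netops
 privilege 15
 policy firewall
!
aaa user helpdesk
 privilege 5
 policy telnet
!
"""

def parse_aaa_users(config):
    """Return {username: {"privilege": int, "policies": set}} per AAA user stanza."""
    users, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        m = re.match(r"aaa user (\S+)$", line)
        if m:
            # Assumption: a user with no explicit privilege line counts as 0.
            current = users.setdefault(m.group(1), {"privilege": 0, "policies": set()})
        elif current is not None and raw[:1].isspace():
            key, _, value = line.partition(" ")
            if key == "privilege" and value.isdigit():
                current["privilege"] = int(value)
            elif key == "policy":
                current["policies"].update(value.split())
        else:
            current = None  # "!" or any unindented line ends the stanza
    return users

def safe_to_switch(config, service):
    """True if some privilege 15 AAA user carries the policy for `service`."""
    if service not in ("telnet", "ssh"):
        raise ValueError("service must be 'telnet' or 'ssh'")
    return any(u["privilege"] == 15 and service in u["policies"]
               for u in parse_aaa_users(config).values())

if __name__ == "__main__":
    for svc in ("telnet", "ssh"):
        ok = safe_to_switch(SAMPLE_CONFIG, svc)
        print(f"aaa client {svc}: {'ok' if ok else 'BLOCK, no privilege 15 user with this policy'}")
```

In the constructed sample, only the SSH switch-over passes: netops has privilege 15 but no Telnet or SSH policy, and helpdesk has a Telnet policy but not privilege 15.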