Specifications

SecureStack C3 Configuration Guide 21-1

Security Configuration

ThischapterdescribestheSecurityConfigurationsetofcommandsandhowtousethem.

Overview of Security Methods

Thefollowingsecuritymethodsareavailableforcontrollingwhichusersareallowedtoaccess,

monitor,andmanagetheswitch.

•Loginuseraccountsandpasswords–usedtologintotheCLIviaaTelnetconnectionorlocal

COMportconnection.Fordetails,referto“SettingUserAccountsandPasswords”

on

page 3‐2.

•HostAccessControlAuthentication(HACA)–authenticatesuseraccessofTelnet

management,consolelocalmanagementandWebViewviaacentralRADIUSClient/Server

application.WhenRADIUSisenabled,thisessentiallyoverridesloginuseraccounts.When

HACAisactiveperavalidRADIUSconfiguration,theusernamesandpasswordsused

to

accesstheswitchviaTelnet,SSH,WebView,and COM portswillbevalidatedagainstthe

configuredRADIUSserver.OnlyinthecaseofaRADIUStimeoutwillthosecredentialsbe

comparedagainstcredentialslocallyconfiguredontheswitch.

Fordetails,referto

“ConfiguringRADIUS”onpage 21‐4.

•SNMPuserorcommunitynames–allowsaccesstotheSecureStackC3switchviaanetwork

SNMPmanagementapplication.Toaccesstheswitch,youmustenteranSNMPuseror

communitynamestring.Thelevelofmanagementaccessisdependenton

theassociated

accesspolicy.Fordetails,refertoChapter 5.

For information about... Refer to page...

Overview of Security Methods 21-1

Configuring RADIUS 21-4

Configuring 802.1X Authentication 21-12

Configuring MAC Authentication 21-23

Configuring Multiple Authentication Methods 21-34

Configuring VLAN Authorization (RFC 3580) 21-42

Configuring MAC Locking 21-46

Configuring Port Web Authentication (PWA) 21-56

Configuring Secure Shell (SSH) 21-68

Configuring Access Lists 21-70