Specifications

SecureStack B2 Configuration Guide 19-1

Authentication and Authorization

Configuration

Thischapterdescribestheauthenticationandauthorizationcommandsandhowtousethem.

Overview of Authentication and Authorization Methods

Thefollowingmethodsareavailableforcontrollingwhichusersareallowedtoaccess,monitor,

andmanagetheswitch.

•Loginuseraccountsandpasswords–usedtologintotheCLIviaaTelnetconnectionorlocal

COMportconnection.Fordetails,referto“SettingUserAccountsandPasswords”on



page 3 ‐2.

•HostAccessControlAuthentication(HACA)–authenticatesuseraccessofTelnet

management,consolelocalmanagementandWebViewviaacentralRADIUSClient/Server

application.WhenRADIUSisenabled,thisessentiallyoverridesloginuseraccounts.When

HACAisactiveperavalidRADIUSconfiguration,theusernamesandpasswordsusedto



accesstheswitchviaTelnet,SSH,WebView,andCOMportswillbevalida tedagainst the

configuredRADIUSserver.OnlyinthecaseofaRADIUStimeoutwillthosecredentialsbe

comparedagainstcredentialslocallyconfiguredontheswitch.

Fordetails,referto

“ConfiguringRADIUS”onpage 19‐3.

•SNMPuserorcommunitynames–allowsaccesstotheSecureStackB2switchviaanetwork

SNMPmanagementapplication.Toaccesstheswitch, youmustenteranSNMPuseror

communitynamestring.Thelevelofmanagementaccessisdependenton

theassociated

accesspolicy.Fordetails,refertoChapter 8.

For information about... Refer to page...

Overview of Authentication and Authorization Methods 19-1

Configuring RADIUS 19-3

Configuring 802.1X Authentication 19-11

Configuring MAC Authentication 19-21

Configuring Multiple Authentication Methods 19-33

Configuring VLAN Authorization (RFC 3580) 19-45

Configuring MAC Locking 19-50

Configuring Port Web Authentication (PWA) 19-61

Configuring Secure Shell (SSH) 19-73