Specifications
SecureStack B2 Configuration Guide 11-1
11
Security Configuration
This chapter describes the Security Configuration set of commands and how to use them.
11.1 OVERVIEW OF SECURITY METHODS
The following security methods are available for controlling which users are allowed to access,
monitor, and manage the device.
• Login user accounts and passwords – used to log in to the CLI via a Telnet connection or local
COM port connection. For details, refer to Section 2.1.11.
• Host Access Control Authentication (HACA) – authenticates user access of Telnet management,
console local management and WebView via a central RADIUS Client/Server application.
When RADIUS is enabled, this essentially overrides login user accounts. When HACA is active
per a valid RADIUS configuration, the user names and passwords used to access the device via
Telnet, SSH, Webview, and COM ports will be validated against the configured RADIUS
server. Only in the case of a RADIUS timeout will those credentials be compared against
credentials locally configured on the device.
For details, refer to Section 11.3.1.
• SNMP user or community names – allows access to the SecureStack B2 device via a network
SNMP management application. To access the device, you must enter an SNMP user or
community name string. The level of management access is dependent on the associated access
policy. For details, refer to Chapter 4.
• 802.1X Port Based Network Access Control using EAPOL (Extensible Authentication Protocol)
—provides a mechanism via a RADIUS server for administrators to securely authenticate and
grant appropriate access to end user devices communicating with SecureStack B2 ports. For
details on using CLI commands to configure 802.1X, refer to Section 11.3.2.
• RFC 3580 Tunnel Attributes provide a mechanism to contain an 802.1X authenticated user to a
VLAN regardless of the PVID, refer to Section 11.3.3.