Specifications
SecureStack A2 Configuration Guide 10-1
10
Security Configuration
This chapter describes the Security Configuration set of commands and how to use them.
10.1 OVERVIEW OF SECURITY METHODS
The following security methods are available for controlling which users are allowed to access,
monitor, and manage the device.
• Login user accounts and passwords – used to log in to the CLI by way of a Telnet connection or
local COM port connection. For details, refer to Section 2.1.11.
• Host Access Control Authentication (HACA) – authenticates user access of Telnet management,
console local management and WebView via a central RADIUS Client/Server application.
When RADIUS is enabled, this essentially overrides login user accounts. When HACA is active
with a valid RADIUS configuration, the user names and passwords used to access the switch via
Telnet, SSH, Webview, and COM ports will be validated against the configured RADIUS server.
Only in the case of a RADIUS timeout will those credentials be compared against credentials
locally configured on the switch.
For details, refer to Section 10.3.1.
• SNMP user or community names – allows access to the SecureStack A2 switch by way of a
network SNMP management application. To access the switch, you must enter an SNMP user
or community name string. The level of management access is dependent on the associated
access policy. For details, refer to Chapter 4.
• 802.1X Port Based Network Access Control using EAPOL (Extensible Authentication Protocol)
– provides a mechanism using a RADIUS server for administrators to securely authenticate and
grant appropriate access to end user devices communicating with SecureStack A2 ports. For
details on using CLI commands to configure 802.1X, refer to Section 10.3.2.
NOTE: To configure EAP pass-through, which allows client authentication packets to be
forwarded through the SecureStack switch to an upstream device, 802.1X authentication must be
globally disabled with the set dot1x command (Section 10.3.2.3).