Enterasys 6000 Betriebsanweisung
Overview of Security Methods
3-16
Accessing Local Management
•
Host Access Control Authentication (HACA) – authenticates user access of Telnet management,
console local management and WebView via a central Radius Client/Server application using the
Password screen described in
console local management and WebView via a central Radius Client/Server application using the
Password screen described in
. For an overview of HACA and a description of how
to set the access policy using the Radius Configuration screen, refer to
and
.
•
Host Access Control List (ACL) – allows only the defined list of IP Addresses to communicate
with the host for Telnet, WebView (HTTP) and SNMP. To set up these parameters, refer to the
Host Access Control List (ACL) screen described in
with the host for Telnet, WebView (HTTP) and SNMP. To set up these parameters, refer to the
Host Access Control List (ACL) screen described in
.
•
802.1X Port Based Network Access Control – provides a mechanism for administrators to
securely authenticate and grant appropriate access to end user devices (supplicants) directly
attached to switch module ports. For more information, refer to
securely authenticate and grant appropriate access to end user devices (supplicants) directly
attached to switch module ports. For more information, refer to
.
•
MAC Authentication – provides a mechanism for administrators to securely authenticate and
grant appropriate access to end user devices directly attached to switch module ports. For more
information, refer to
grant appropriate access to end user devices directly attached to switch module ports. For more
information, refer to
3.6.1
Host Access Control Authentication (HACA)
To use HACA, the embedded Radius Client on the switch module must be configured to
communicate with the Radius Server, and the Radius Server must be configured with the password
information. The software used for this application provides the ability to centralize the
Authentication, Authorization, and Accounting (AAA) of the network resources. For more
information, refer to the RFC 2865 (Radius Authentication) and RFC 2866 (Radius Accounting)
for a description of the protocol.
communicate with the Radius Server, and the Radius Server must be configured with the password
information. The software used for this application provides the ability to centralize the
Authentication, Authorization, and Accounting (AAA) of the network resources. For more
information, refer to the RFC 2865 (Radius Authentication) and RFC 2866 (Radius Accounting)
for a description of the protocol.
Each switch module has its own Radius Client. The client can be configured via:
•
The Radius Configuration screen described in
, or
•
The Network Tools Command Line Interface (CLI) using the “radius” command described in
.
The IP address of the Radius Server and the shared secret text string must be configured on the
Radius Client. The client uses the Password Authentication Protocol (PAP) to communicate the
user name and encrypted password to the Radius Server.
Radius Client. The client uses the Password Authentication Protocol (PAP) to communicate the
user name and encrypted password to the Radius Server.
On the Radius Server, each user is configured with the following:
•
name
•
password
•
access level