Nortel Networks 4600 User Manual
10
2.4
Roles and Services
The switch supports up to 5000 simultaneous user sessions using Internet Protocol
Security (IPSec), Point-to-Point Tunneling Protocol (PPTP), Layer Two Tunneling
Protocol (L2TP), and Layer Two Forwarding (L2F). In addition, an administrator may
securely configure the switch either locally or remotely. Remote administration is secured
by one of the secure tunneling protocols supported by the box. The administrator selects
which protocols are used from the Services-Available menu.
Security (IPSec), Point-to-Point Tunneling Protocol (PPTP), Layer Two Tunneling
Protocol (L2TP), and Layer Two Forwarding (L2F). In addition, an administrator may
securely configure the switch either locally or remotely. Remote administration is secured
by one of the secure tunneling protocols supported by the box. The administrator selects
which protocols are used from the Services-Available menu.
The Switch employs role-based authentication of users, and stores user identity
information in an internal Lightweight Directory Access Protocol (LDAP) database.
Authentication can optionally be performed against a variety of external servers using
LDAP or RADIUS, including Novell NDS, Microsoft Windows NT Domains, Security
Dynamics ACE Server, and Axent OmniGuard Defender.
information in an internal Lightweight Directory Access Protocol (LDAP) database.
Authentication can optionally be performed against a variety of external servers using
LDAP or RADIUS, including Novell NDS, Microsoft Windows NT Domains, Security
Dynamics ACE Server, and Axent OmniGuard Defender.
Service
Crypto Officer
User
Configure the Switch
Create User Groups
Create Users
Modify User Groups
Modify Users
Delete User Groups
Delete Users
Define Rules and Filters
Status Functions
Manage the Switch
Encrypted Traffic
Change Password
Table 2 – Matrix of Services
Users may assume one of two roles: Crypto Officer role or User role. An administrator of
the switch assumes the Crypto Officer role to configure and maintain the switch. The
Crypto Officer role may have the following rights:
the switch assumes the Crypto Officer role to configure and maintain the switch. The
Crypto Officer role may have the following rights:
•
Switch management rights: (none, view switch, or manage switch). View
switch permits an administrator to view all the configuration and status
information on the switch. Manage switch permits an administrator to
configure the switch and change critical settings.
switch permits an administrator to view all the configuration and status
information on the switch. Manage switch permits an administrator to
configure the switch and change critical settings.
•
User management rights: (none, view users, or manage users). View users
permits an administrator to review all user accounts and settings on the switch.
Manage users rights allows an administrator to create, modify, and delete
users.
permits an administrator to review all user accounts and settings on the switch.
Manage users rights allows an administrator to create, modify, and delete
users.
A User authenticates and assumes the User role to access the following services: