IBM 12.1(22)EA6 User Manual
C H A P T E R
5-1
Cisco Systems Intelligent Gigabit Ethernet Switch Modules for the IBM BladeCenter, Software Configuration Guide
24R9746
5
Configuring Switch-Based Authentication
This chapter describes how to configure switch-based authentication on the Cisco Systems Intelligent
Gigabit Ethernet Switch Module. This chapter consists of these sections:
Gigabit Ethernet Switch Module. This chapter consists of these sections:
•
•
•
•
•
•
Preventing Unauthorized Access to Your Switch
You can prevent unauthorized users from reconfiguring your switch and viewing configuration
information. Typically, you want network administrators to have access to your switch while you restrict
access to users who dial from outside the network through an asynchronous port, connect from outside
the network through a serial port, or connect through a terminal or workstation from within the local
network.
information. Typically, you want network administrators to have access to your switch while you restrict
access to users who dial from outside the network through an asynchronous port, connect from outside
the network through a serial port, or connect through a terminal or workstation from within the local
network.
To prevent unauthorized access into your switch, you should configure one or more of these security
features:
features:
•
At a minimum, you should configure passwords and privileges at each switch port. These passwords
are locally stored on the switch. When users attempt to access the switch through a port or line, they
must enter the password specified for the port or line before they can access the switch. For more
information, see the
are locally stored on the switch. When users attempt to access the switch through a port or line, they
must enter the password specified for the port or line before they can access the switch. For more
information, see the
.
•
For an additional layer of security, you can also configure username and password pairs, which are
locally stored on the switch. These pairs are assigned to lines or interfaces and authenticate each
user before that user can access the switch. If you have defined privilege levels, you can also assign
a specific privilege level (with associated rights and privileges) to each username and password pair.
For more information, see the
locally stored on the switch. These pairs are assigned to lines or interfaces and authenticate each
user before that user can access the switch. If you have defined privilege levels, you can also assign
a specific privilege level (with associated rights and privileges) to each username and password pair.
For more information, see the
.
•
If you want to use username and password pairs, but you want to store them centrally on a server
instead of locally, you can store them in a database on a security server. Multiple networking devices
can then use the same database to obtain user authentication (and, if necessary, authorization)
information. For more information, see the
instead of locally, you can store them in a database on a security server. Multiple networking devices
can then use the same database to obtain user authentication (and, if necessary, authorization)
information. For more information, see the
.