Alcatel Carrier Internetworking Solutions omniswitch User Manual
Managing Switch Security
Switch Security Overview
OmniSwitch 6600 Family Switch Management Guide
March 2005
page 8-3
Switch Security Overview
Switch security features increase the security of the basic switch login process by allowing management
only through particular interfaces for users with particular privileges. Login information and privileges
may be stored on the switch and/or an external server, depending on the type of external server you are
using and how you configure switch access.
only through particular interfaces for users with particular privileges. Login information and privileges
may be stored on the switch and/or an external server, depending on the type of external server you are
using and how you configure switch access.
The illustration here shows the components of switch security:
An external RADIUS or LDAP server can supply both user login and authorization information. ACE/
Server can provide login information; user authorization information is available through the switch’s
local user database. External servers may also be used for accounting, which includes logging statistics
about user sessions. For information about configuring the switch to communicate with external servers,
see the “Managing Authentication Servers” chapter in the OmniSwitch 6600 Family Network Configura-
tion Guide.
Server can provide login information; user authorization information is available through the switch’s
local user database. External servers may also be used for accounting, which includes logging statistics
about user sessions. For information about configuring the switch to communicate with external servers,
see the “Managing Authentication Servers” chapter in the OmniSwitch 6600 Family Network Configura-
tion Guide.
If an external server is not available or is not configured, user login information and user authorization
may be provided through the local user database on the switch. The user database is described in
may be provided through the local user database on the switch. The user database is described in
Logging may also be accomplished directly on the switch. For information about configuring local
logging for switch access, see
logging for switch access, see
. For complete details
about local logging, see the “Using Switch Logging” chapter in the OmniSwitch 6600 Family Network
Configuration Guide.
Configuration Guide.
RADIUS, LDAP, or ACE
Server
OmniSwitch
End User
login request
Servers supply login infor-
mation about the user. User-
privilege information is also
available on RADIUS and
LDAP servers.
Authenticated Switch Access Setup
management interface
OmniSwitch 6648
OmniSwitch 6648
OmniSwitch 6648
local user
database