Alcatel OmniSwitch/Router Guía de usuario Pagina 274
- Pagina / 346
- Tabla de contenidos
- SOLUCIÓN DE PROBLEMAS
- MARCADORES
Valorado. / 5. Basado en revisión del cliente
Authenticated Switch Access Managing Switch Security
page 10-4 OmniSwitch 6250/6450 Switch Management Guide May 2012
Authenticated Switch Access
Authenticated Switch Access (ASA) is a way of authenticating users who want to manage the switch. With
authenticated access, all switch login attempts using the console or modem port, Telnet, FTP, SNMP, or
HTTP require authentication via the local user database or via a third-party server.
This section describes how to configure management interfaces for authenticated access as well as how to
specify external servers that the switch can poll for login information. The type of server can be an
authentication-only mechanism or an authentication, authorization, and accounting (AAA) mechanism.
AAA Servers—RADIUS or LDAP
AAA servers are able to provide authorization for switch management users as well as authentication (they
also can be used for accounting). The AAA servers supported on the switch are Remote Authentication
Dial-In User Service (RADIUS) or Lightweight Directory Access Protocol (LDAP) servers. User login
information and user privileges can be stored on the servers.
Privileges are used for network administrator accounts. Instead of user privileges an end-user profile can
be associated with a user for customer login accounts. User information configured on an external server
can include a profile name attribute. The switch will attempt to match the profile name to a profile stored
locally on the switch.
The following illustration shows the two different user types attempting to authenticate with a AAA
server:
For more information about types of users, see Chapter 9, “Managing Switch User Accounts.”
Authentication-only—ACE/Server
Authentication-only servers are able to authenticate users for switch management access, but authoriza-
tion (or what privileges the user has after authenticating) are determined by the switch. Authentication-
only servers cannot return user privileges or end-user profiles to the switch. The authentication-only server
supported by the switch is ACE/Server, which is a part of RSA Security’s SecurID product suite. RSA
Security’s ACE/Agent is embedded in the switch.
The switch polls the server
for login information, which
can reference a profile
name; end-user profiles are
stored on the switch.
LDAP or RADIUS
Server
AAA Server (LDAP or RADIUS)
OmniSwitch
login request
The switch polls the server
and receives login and privi-
lege information about the
user.
Customer
login request
OmniSwitch
Network Administrator
LDAP or RADIUS
Server
end-user
profile
- OmniSwitch 6250/6450 1
- Switch Management Guide 1
- Contents 10
- About This Guide 13
- Who Should Read this Manual? 14
- What is in this Manual? 14
- What is Not in this Manual? 15
- Documentation Roadmap 16
- Related Documentation 18
- User Manual CD 20
- Technical Support 20
- 1 Managing System Files 21
- File Transfer 23
- Switch Directories 24
- File and Directory Management 25
- Using Wildcards 27
- Directory Commands 28
- Changing Directories 29
- Displaying Directory Contents 30
- Making a New Directory 31
- Copying an Existing Directory 32
- File Commands 34
- Secure Copy an Existing File 35
- Delete an Existing File 36
- Managing Files on Switches 37
- Utility Commands 38
- Using Secure Shell FTP 43
- Using TFTP to Transfer Files 45
- Using Zmodem 45
- Directories on the Switch 47
- Available Image Files 48
- Verifying Directory Contents 55
- Installing Software Licenses 56
- Licensed Features 57
- Setting the System Clock 59
- Enabling DST 62
- 2 Logging Into the Switch 65
- Login Specifications 67
- Login Defaults 67
- Management Interfaces 70
- User Accounts 71
- Using Telnet 72
- Using FTP 74
- Secure Shell Interface 77
- Secure Shell Authentication 79
- Connection Phase 80
- Modifying the Login Banner 85
- Configuring Login Parameters 87
- Enabling the DNS Resolver 88
- Verifying Login Settings 89
- 3 Using SNMP 91
- SNMP Specifications 92
- SNMP Defaults 92
- Using SNMP SNMP Defaults 93
- Management Station 94
- Filtering by Trap Families 95
- Filtering by Individual Traps 96
- SNMP Overview 97
- SNMP Versions 98
- Using SNMP SNMP Overview 99
- Configuring Community Strings 100
- Setting SNMP Security 102
- Working with SNMP Traps 103
- Authentication Trap 104
- Trap Management 104
- SNMP MIB Information 105
- Industry Standard MIBs 106
- Enterprise (Proprietary) MIBs 110
- 4 Configuring Network Time 115
- Protocol (NTP) 115
- NTP Specifications 116
- NTP Defaults Table 116
- NTP Quick Steps 117
- NTP Overview 119
- Using NTP in a Network 120
- Authentication 122
- Configuring NTP 123
- NTP Servers 124
- Setting the Version Number 125
- Marking a Server as Preferred 125
- Using Authentication 126
- Verifying NTP Configuration 127
- 5 Managing CMM 129
- Directory Content 129
- CMM Specifications 130
- CMM Files 131
- Software Rollback Feature 132
- Redundancy 137
- (Non-Redundant) 141
- Scheduling a Reboot 142
- Cancelling a Scheduled Reboot 142
- -> show reload 143
- -> show reload status 143
- Working Certified 144
- Primary CMM 144
- -> write memory 145
- Cancelling a Rollback Timeout 148
- -> copy working certified 150
- -> copy certified working 150
- Show Switch Files 152
- Rebooting the Switch 153
- -> copy flash-synchro 156
- -> takeover 157
- Using the USB Flash Drive 160
- Disaster Recovery Using USB 161
- Displaying CMM Conditions 163
- 6 Using the CLI 165
- CLI Specifications 166
- CLI Overview 167
- Text Conventions 168
- Using “Show” Commands 169
- Using the “No” Form 169
- Using “Alias” Commands 169
- Partial Keyword Completion 170
- Command Help 171
- Debug UPDATE, SHOW, NO, DEBUG 172
- Command Set Name Commands 172
- CLI Services 175
- Inserting Characters 176
- Syntax Checking 177
- Prefix Recognition 177
- Show Prefix 178
- Command History 179
- Enabling Command Logging 181
- Disabling Command Logging 181
- Changing the Screen Size 183
- Changing the CLI Prompt 183
- Displaying Table Information 184
- Filtering Table Information 185
- Multiple User Sessions 186
- Terminating Another Session 188
- Application Example 189
- Verifying CLI Usage 191
- 7 Working With 193
- Configuration Files 193
- Configuration Files Overview 198
- Cancelling a Timed Session 199
- Setting the Error File Limit 200
- Displaying a Text File 201
- Text Editing on the Switch 201
- Snapshot Feature List 202
- User-Defined Naming Options 203
- Editing Snapshot Files 203
- Example Snapshot File Text 204
- Verifying File Configuration 206
- 8 Managing Automatic 207
- Remote Configuration 207
- Download 207
- • Pathname: 255 characters 208
- • Filename: 63 characters 208
- Overview 211
- Network Components 212
- LED Status 213
- UDP/DHCP Relay 214
- Process Illustration 216
- Additional Process Notes 217
- Download Component Files 218
- Instruction File Syntax 219
- Firmware Upgrade Files 220
- Bootup Configuration File 220
- Debug Configuration File 221
- Script File 221
- Aggregate Association 222
- Nearest-Edge Mode Operation 226
- Access Switch 227
- Zero Touch License Upgrade 228
- Troubleshooting 229
- Script File Errors 230
- Error Description Table 231
- 9 Managing Switch User 233
- Accounts 233
- User Database Specifications 234
- User Account Defaults 234
- Overview of User Accounts 236
- “Managing Switch Security.” 237
- Startup Defaults 238
- Default User Settings 241
- How User Settings Are Saved 243
- Creating a User 244
- Removing a User 245
- User-Configured Password 246
- 4 Enter the password again 247
- Default Password Expiration 252
- -> user password-history 2 253
- -> user password-history 0 253
- -> user password-min-age 7 254
- -> user lockout-window 30 255
- -> user lockout j_smith 258
- -> user unlock j_smith 258
- -> user thomas no snmp 263
- Setting Up End-User Profiles 264
- Creating End-User Profiles 265
- 10 Managing Switch Security 271
- Switch Security Defaults 272
- Switch Security Overview 273
- Authenticated Switch Access 274
- ASA and Authenticated VLANs 275
- Enabling Switch Access 280
- Using Secure Shell 281
- 11 Using WebView 285
- WebView CLI Defaults 286
- Browser Setup 286
- WebView CLI Commands 287
- Enabling/Disabling SSL 288
- Changing the HTTPS Port 288
- WebView Overview 289
- Toolbar 290
- View/Configuration Area 291
- A Software License and 293
- Copyright Statements 293
- C. Linux 297
- E. University of California 302
- G.Random.c 302
- H. Apptitude, Inc 303
- I. Agranat 303
- J. RSA Security Inc 303
- K. Sun Microsystems, Inc 304
- L. Wind River Systems, Inc 304
- N.Remote-ni 305
- O.GNU Zip 305
- Q.Boost C++ Libraries 306
- R. U-Boot 306
- S. Solaris 306
- U. CURSES 307
- V. Z M o d e m 307
- W.Boost Software License 307
- X. OpenLDAP 307
- Y. B IT M A P.C 308
- Z. University of Toronto 308
- AA.Free/OpenBSD 308
- B SNMP Trap Information 309
- SNMP Traps Table 310
- alaPimGroup 327
Relacionado con productos y manuales para Redes Alcatel OmniSwitch/Router
Redes Alcatel OS6400-48 Manual de usuario
(8 paginas)
(8 paginas)
© 2020, manymanuals.es. Todos los derechos reservados | 0.138 s |
Manymanuals.com
Manymanuals.de
Manymanuals.fr
Manymanuals.it
Manymanuals.pl
Manymanuals.cz
Manymanuals.es
Manymanuals-pt.com
Comentarios a estos manuales