Overview Of Security Methods; Host Access Control Authentication (Haca) - Enterasys 2H25x User Manual

Standalone switches local management user’s guide

3.4 OVERVIEW OF SECURITY METHODS

Three security methods are available to control which users are allowed access to the switch's host
to monitor the configuration and control of the switch.
• Host Access Control List (ACL) – allows only the defined list of IP Addresses to communicate
with the host for Telnet, WebView (HTTP) and SNMP. To set up these parameters refer to the
Host Access Control List (ACL) screen described in Section 4.6.
• Switch Local Management Application Password – allows three levels of SNMP local
management access via serial console or telnet (super user, read-write and read-only) using
the Password screen described in Section 3.2. The three levels of remote SNMP management
access are set using the SNMP Community Names Configuration screen described in
Section 4.4.
• Host Access Control Authentication (HACA) – authenticates user access of Telnet management,
console local management and WebView via a central Radius Client/Server application using the
Password screen described in Section 3.6. For an overview of HACA and a description of how
to set the switch access policy using the Radius Configuration screen, refer to
Section 3.4.1 and Section 3.7.

3.4.1 Host Access Control Authentication (HACA)

To use HACA, the embedded Radius Client on the switch must be configured to communicate with
the Radius Server, and the Radius Server must be configured with the password information. The
Enterasys implementation uses Funk Software Steel-Belted Radius server software. This software
provides the ability to centralize the Authentication, Authorization, and Accounting (AAA) of the
network resources. For a description of the protocol, refer to RFC 2865 (Radius Authentication)
and RFC 2866 (Radius Accounting).
Each switch has its own Radius Client. The client can be configured via
• the Radius Configuration screen described in Section 3.7, or
• the Network Tools Command Line Interface (CLI) using the "radius" and "access" commands
described in Chapter 11.
The IP address of the Radius Server (and, if available, the secondary server IP address) and
shared secret text string must be configured on the Radius Client. The client can use either the
Password Authentication Protocol (PAP) or the Challenge Handshake Authentication Protocol
(CHAP) to communicate the user name and encrypted password to the Radius Server.
