Configuring Security; Configuring User Accounts - SMC Networks SMCGS10C-SMART Management Manual

Web smart 10-port ge switch

Hide thumbs Also See for SMCGS10C-SMART:

Specifications (2 pages)

Installation manual (65 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

180

181

182

183

184

185

186

187

188

189

190

191

192

193

194

195

196

197

198

199

200

201

202

203

204

205

206

207

208

209

210

211

212

213

214

215

216

217

218

219

220

221

222

223

224

225

226

227

228

229

230

231

232

233

234

235

236

237

238

239

240

241

242

243

244

245

246

247

248

249

250

251

252

253

254

255

256

257

258

259

260

261

262

263

264

265

266

267

268

269

270

271

272

273

274

275

276

277

278

279

280

281

282

Table of Contents

ONFIGURING

ECURITY

ONFIGURING

SER

CCOUNTS

You can configure this switch to authenticate users logging into the system

for management access or to control client access to the data ports.

Management Access Security (Switch menu) – Management access to the

switch can be controlled through local authentication of user names and

passwords stored on the switch, or remote authentication of users via a

RADIUS or TACACS+ server. Additional authentication methods includes

Secure Shell (SSH), Secure Hypertext Transfer Protocol (HTTPS) over the

Secure Socket Layer (SSL), static configuration of client addresses, and

SNMP.

General Security Measures (Network menu) – This switch supports many

methods of segregating traffic for clients attached to each of the data

ports, and for ensuring that only authorized clients gain access to the

network. Private VLANs and port-based authentication using IEEE 802.1X

are commonly used for these purposes. In addition to these methods,

several other options of providing client security are supported by this

switch. These include limiting the number of users accessing a port. The

addresses assigned to DHCP clients can also be carefully controlled using

static or dynamic bindings with DHCP Snooping and IP Source Guard

commands. ARP Inspection can also be used to validate the MAC address

bindings for ARP packets, providing protection against ARP traffic with

invalid MAC to IP address bindings, which forms the basis for "man-in-the-

middle" attacks.

Use the User Configuration page to control management access to the

switch based on manually configured user names and passwords.

ATH

Configuration, Security, Switch, Users

OMMAND

SAGE

The default guest name is "guest" with the password "guest." The

◆

default administrator name is "admin" with the password "admin."

The guest only has read access for most configuration parameters.

◆

However, the administrator has write access for all parameters

governing the onboard agent. You should therefore assign a new

administrator password as soon as possible, and store it in a safe place.

The administrator has a privilege level of 15, with access to all process

◆

groups and full control over the device. If the privilege level is set to

any other value, the system will refer to each group privilege level. The

user's privilege should be same or greater than the group privilege

level to have the access of a group. By default, most of the group

privilege levels are set to 5 which provides read-only access and

privilege level 10 which also provides read/write access. To perform

system maintenance (software upload, factory defaults, etc.) the user's

privilege level should be set to 15. Generally, the privilege level 15 can

– 55 –

| Configuring the Switch

HAPTER