Providing User Access Security
This chapter contains the following major sections:
• Choosing a TACACS+ Server and Authentication Method
• Configuring TACACS+ Server Connection Options
• Configuring a RADIUS Connection
• Enabling Secure Management with SSH
SFTOS supports several user-access security methods to the switch, including local (see Creating a User and Password on page 36), port security (IEEE 802.1X) through RADIUS and Terminal Access Controller Access Control System (TACACS+), and encrypted transport session (between the management station and switch) using Secure Shell (SSH). This chapter describes how to configure each of those methods.
For more on port security configuration (including MD5), see the Security deck of the S-Series Training slides, which are on the S-Series Documentation CD-ROM.

Choosing a TACACS+ Server and Authentication Method
To use TACACS+ to authenticate users, you specify at least one TACACS+ server with which the S-Series will communicate, then identify TACACS+ as one of your authentication methods. To select TACACS as the login authentication method, use the following command sequence:

| Step | Command Syntax | Command Mode | Purpose |
|------|----------------|--------------|---------|
| 1 | tacacs-server host ip-address | Global Config | Configure a TACACS+ server host. Enter the IP address or host name of the TACACS+ server. You can use this command multiple times to configure multiple TACACS+ server hosts. |
| | exit | TACACS Config | Return to Global Config mode. Alternatively, while you are still in TACACS Config mode, you can set values for server-specific parameters, such as priority, key, and timeout. See Configuring TACACS+ Server Connection Options on page 137. |
| 2 | authentication login {listname method1 [method2 [method3]]} | Global Config | Create a method-list name and specify that TACACS is one method for login authentication. |
| 3 | users defaultlogin listname | Global Config | Assign a method list to use to authenticate non-configured users when they attempt to log in to the system. |
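The command sequence above only takes effect when its parts line up: a TACACS+ server host exists, a login method list names TACACS, and that same list is assigned with users defaultlogin. The following Python check is an added example, not part of the SFTOS documentation. It assumes the configuration is available as text with one command per line in the form shown in the table, and that the method keywords are `tacacs` and `local`; the IP address and list names are constructed sample values.

```python
# Constructed sample configurations (not from the manual). The IP address,
# the list names and the method keywords "tacacs"/"local" are assumptions.
GOOD_CONFIG = """\
tacacs-server host 192.0.2.10
exit
authentication login mgmtlist tacacs local
users defaultlogin mgmtlist
"""

# No server host is defined, and defaultlogin points at an undefined list.
BAD_CONFIG = """\
authentication login mgmtlist tacacs local
users defaultlogin otherlist
"""


def check_tacacs_login(config: str) -> list[str]:
    """Return findings; an empty list means the sequence is complete and consistent."""
    servers = []          # hosts given to 'tacacs-server host'
    lists = {}            # listname -> ordered methods (method1..method3)
    default_list = None   # list assigned by 'users defaultlogin'
    for raw in config.splitlines():
        words = raw.split()
        if words[:2] == ["tacacs-server", "host"] and len(words) >= 3:
            servers.append(words[2])
        elif words[:2] == ["authentication", "login"] and len(words) >= 3:
            lists[words[2]] = words[3:6]   # the syntax allows at most three methods
        elif words[:2] == ["users", "defaultlogin"] and len(words) >= 3:
            default_list = words[2]

    findings = []
    tacacs_lists = [name for name, methods in lists.items() if "tacacs" in methods]
    if not servers:
        findings.append("server: no 'tacacs-server host' is configured")
    if not tacacs_lists:
        findings.append("method list: no 'authentication login' list names tacacs")
    if default_list is None:
        findings.append("defaultlogin: no 'users defaultlogin' assignment")
    elif default_list not in lists:
        findings.append(f"defaultlogin: list '{default_list}' is not defined")
    elif default_list not in tacacs_lists:
        findings.append(f"defaultlogin: list '{default_list}' does not use tacacs")
    return findings


if __name__ == "__main__":
    for name, cfg in (("good", GOOD_CONFIG), ("bad", BAD_CONFIG)):
        print(name, check_tacacs_login(cfg))
```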