Defining Access Profiles - Cisco SF500-24 Administration Manual

Configuring Security

Defining Access Profiles

STEP 4
Defining Access Profiles
Cisco 500 Series Stackable Managed Switch Administration Guide
• None—User is allowed to access the switch without authentication.
• Local—Username and password are checked against the data stored on the
local switch. These username and password pairs are defined in the User
Accounts page.
The Local or None authentication method must always be
NOTE
selected last. All authentication methods selected after Local or None
are ignored.
Click Apply. The selected authentication methods are associated with the access
method.
Access profiles determine how to authenticate and authorize users accessing the
switch through various access methods. Access Profiles can limit management
access from specific sources.
Only users who pass both the active access profile and the management access
authentication methods are given management access to the switch.
There can only be a single access profile active on the switch at one time.
Access profiles consist of one or more rules. The rules are executed in order of
their priority within the access profile (top to bottom).
Rules are composed of filters that include the following elements:
• Access Methods—Methods for accessing and managing the switch:
- Telnet
- Secure Telnet (SSH)
- Hypertext Transfer Protocol (HTTP)
- Secure HTTP (HTTPS)
- Simple Network Management Protocol (SNMP)
- All of the above
• Action—Permit or deny access to an interface or source address.
18
307