Table of Contents
Advertisement
11
AAA Authorization and Accounting
Security Measures
You can configure this switch to authenticate users logging into the system for
management access using local or remote authentication methods. Port-based
authentication using IEEE 802.1X can also be configured to control either
management access to the uplink ports or client access to the data ports. This
switch provides secure network management access using the following options:
◆
AAA
– Use local or remote authentication to configure access rights, and
specify authentication servers.
◆
User Accounts
– Manually configure access rights on the switch for specified
users.
◆
HTTPS
– Provide a secure web connection.
◆
SSH
– Provide a secure shell (for secure Telnet access).
◆
ACL
– Access Control Lists provide packet filtering for IP frames (based on
address, protocol, Layer 4 protocol port number or TCP control code).
◆
IP Filter
– Filters management access to the web, SNMP or Telnet interface.
Note:
The priority of execution for the filtering commands is Port Security, Port
Authentication, Network Access, Web Authentication, Access Control Lists, IP
Source Guard, and then DHCP Snooping.
The authentication, authorization, and accounting (AAA) feature provides the main
framework for configuring access control on the switch. The three security
functions can be summarized as follows:
◆
Authentication — Identifies users that request access to the network.
◆
Authorization — Determines if users can access specific services.
◆
Accounting — Provides reports, auditing, and billing for services that users
have accessed on the network.
The AAA functions require the use of configured RADIUS or TACACS+ servers in the
network. The security servers can be defined as sequential groups that are applied
– 201 –
Advertisement
Table of Contents
