Lenovo RackSwitch G8264CS Application Manual page 5
Hide thumbs
Also See for RackSwitch G8264CS:
- Cli command reference (703 pages) ,
- Installation manual (96 pages) ,
- Product manual (27 pages)
Table of Contents
Advertisement
© Copyright Lenovo 2017
End User Access Control. . . . . . . . . . . . . . . . . . . . . . . . .93
Considerations for Configuring End User Accounts . . . . . . . . . . .93
Strong Passwords . . . . . . . . . . . . . . . . . . . . . . . . . .93
User Access Control . . . . . . . . . . . . . . . . . . . . . . . . .94
Setting up User IDs . . . . . . . . . . . . . . . . . . . . . . .94
Defining a User's Access Level . . . . . . . . . . . . . . . . . .94
Validating a User's Configuration . . . . . . . . . . . . . . . . .94
Enabling or Disabling a User . . . . . . . . . . . . . . . . . . .94
Locking Accounts . . . . . . . . . . . . . . . . . . . . . . . .94
Re-Enabling Locked Accounts. . . . . . . . . . . . . . . . . . .95
Listing Current Users . . . . . . . . . . . . . . . . . . . . . . . .95
Logging into an End User Account . . . . . . . . . . . . . . . . . .95
Password Fix-Up Mode . . . . . . . . . . . . . . . . . . . . . . .95
Chapter 5. Authentication & Authorization Protocols . . . . . . . . . 97
RADIUS Authentication and Authorization . . . . . . . . . . . . . . . .98
How RADIUS Authentication Works . . . . . . . . . . . . . . . . .98
Configuring RADIUS on the Switch . . . . . . . . . . . . . . . . . .98
RADIUS Authentication Features in Enterprise NOS . . . . . . . . . . 100
Switch User Accounts . . . . . . . . . . . . . . . . . . . . . . . 100
RADIUS Attributes for Enterprise NOS User Privileges . . . . . . . . 101
TACACS+ Authentication . . . . . . . . . . . . . . . . . . . . . . . 102
How TACACS+ Authentication Works. . . . . . . . . . . . . . . . 102
TACACS+ Authentication Features in Enterprise NOS . . . . . . . . . 103
Authorization . . . . . . . . . . . . . . . . . . . . . . . . . 103
Accounting . . . . . . . . . . . . . . . . . . . . . . . . . . 104
Command Authorization and Logging . . . . . . . . . . . . . . . . 104
TACACS+ Password Change . . . . . . . . . . . . . . . . . . . . 105
Configuring TACACS+ Authentication on the Switch . . . . . . . . . 105
LDAP Authentication and Authorization . . . . . . . . . . . . . . . . 106
Configuring the LDAP Server. . . . . . . . . . . . . . . . . . . . 106
Configuring LDAP Authentication on the Switch . . . . . . . . . . . 106
Chapter 6. 802.1X Port-Based Network Access Control . . . . . . . . 109
Extensible Authentication Protocol over LAN . . . . . . . . . . . . . . 110
EAPoL Authentication Process . . . . . . . . . . . . . . . . . . . . . 111
EAPoL Message Exchange . . . . . . . . . . . . . . . . . . . . . . . 112
EAPoL Port States . . . . . . . . . . . . . . . . . . . . . . . . . . 113
Guest VLAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 113
Supported RADIUS Attributes . . . . . . . . . . . . . . . . . . . . . 114
EAPoL Configuration Guidelines . . . . . . . . . . . . . . . . . . . . 116
Chapter 7. Access Control Lists . . . . . . . . . . . . . . . . . . 117
Summary of Packet Classifiers . . . . . . . . . . . . . . . . . . . . . 118
Summary of ACL Actions . . . . . . . . . . . . . . . . . . . . . . . 119
Assigning Individual ACLs to a Port . . . . . . . . . . . . . . . . . . 120
ACL Order of Precedence . . . . . . . . . . . . . . . . . . . . . . . 120
ACL Metering and Re-Marking . . . . . . . . . . . . . . . . . . . . . 120
Metering . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 121
Re-Marking . . . . . . . . . . . . . . . . . . . . . . . . . . . 121
5
Contents
Advertisement
Table of Contents
Troubleshooting
