Configuring Authentication for Management Access and 802.1X

Use the Authentication Configuration page to specify the authentication
method for controlling management access through Telnet, SSH or HTTP/HTTPS.
Access can be based on the (local) user name and password configured on the
switch, or can be controlled with a RADIUS or TACACS+ remote access
authentication server. Note that the RADIUS servers used to authenticate
client access for IEEE 802.1X port authentication are also configured on
this page (see page 81).

Remote Authentication Dial-in User Service (RADIUS) and Terminal Access
Controller Access Control System Plus (TACACS+) are logon authentication
protocols that use software running on a central server to control access to
RADIUS-aware or TACACS-aware devices on the network. An authentication
server contains a database of multiple user name/password pairs with
associated privilege levels for each user that requires management access to
the switch.

Usage Guidelines

◆ The switch supports the following authentication services:
  ■ Authorization of users that access the Telnet, SSH, web, or console
    management interfaces on the switch.
  ■ Accounting for users that access the Telnet, SSH, web, or console
    management interfaces on the switch.
  ■ Accounting for IEEE 802.1X authenticated users that access the
    network through the switch. This accounting can be used to provide
    reports, auditing, and billing for services that users have accessed.
◆ By default, management access is always checked against the
  authentication database stored on the local switch. If a remote
  authentication server is used, you must specify the authentication
  method and the corresponding parameters for the remote
  authentication protocol. Local and remote logon authentication control
  management access via Telnet, SSH, a web browser, or the console
  interface.

[Figure: Web, Telnet, and console clients; RADIUS/TACACS+ server]

1. Client attempts management access.
2. Switch contacts authentication server.
3. Authentication server challenges client.
4. Client responds with proper password or key.
5. Authentication server approves access.
6. Switch grants management access.
Chapter 4 | Configuring the Switch