Example: Setting the Service Type for a Built-in Ridgeline Role; Securing Management Traffic; Using SNMPv3 for Secure Management - Extreme Networks Ridgeline Guide Manual

Concepts and solutions guide

Managing Network Security
Attribute format: String
Attribute value: AlarmsOnly
Once this has been set up, for all users logging into Ridgeline who match the conditions defined in the
remote access policy, a VSA with value "AlarmsOnly" will be passed to Ridgeline. Ridgeline then will
apply the user role "AlarmsOnly" to those users to provide feature access as defined by that role.

Example: Setting the Service Type for a Built-in Ridgeline Role

If you plan to use an external RADIUS server to authenticate Ridgeline users, but you do not want to
configure your RADIUS server with a VSA to pass role information, then you must configure your
RADIUS server's "Service type" attribute (in the Remote Access Policy for the users who should
have access to Ridgeline) to specify the type of Ridgeline user to be authenticated, as follows:
For users with an Admin role, set the Service type = 6
For users with a Manager role, set the Service type = 5
For users with a Monitor role, set the Service type = 1
To disable authentication, set the Service type to "Disabled"
If you do not change from the default (which is to disable authentication), no Ridgeline users will be
able to authenticate.
If you set this Service Type in your standard Remote Access Policy, only one type of user can be
authenticated using this method. To allow the authentication of multiple types of Ridgeline users,
follow the instructions in the previous section, "Example: Setting up a VSA to Return Ridgeline Role
Information" or see the detailed example in Appendix D, "Configuring RADIUS for Ridgeline
Authentication".

Securing Management Traffic

Management traffic between a management application like Ridgeline and the managed network
devices can reveal confidential information about your network if this traffic is transmitted in the clear.
Two approaches to encrypting this traffic are managing the network products using SNMPv3 or
accessing the network product directly using SSH.

Using SNMPv3 for Secure Management

SNMPv3 is a series of RFCs (RFC 2273 through RFC 2275) defined by the IETF to provide management
capabilities that guarantee authentication, message integrity, and confidentiality of management traffic.
SNMPv3 includes the option to encrypt traffic between the agent (residing on the network device) and
the management application (Ridgeline). This prevents unauthorized eavesdropping on sensitive
management data.
Ridgeline can discover SNMPv3 devices in your enterprise network. In the Discover Device window
(Select New > Discover Device from the File menu), select the Enable SNMPv3 discovery checkbox to
add SNMPv3-enabled devices to your inventory.
You can also add a device to Ridgeline manually by entering the SNMPv3 settings for the device. This
includes the authentication and privacy settings for SNMPv3 and the passwords.