User Authentication; Network Login - Extreme Networks ExtremeWare Command Reference Manual

Security Commands
Route maps are used to modify or filter routes redistributed between two routing domains. They are also
used to modify or filter the routing information exchanged between the domains.
To use route maps, follow these steps:
1 Create a route map.
2 Add entries to the route map.
3 Add statements to the route map entries.
SSH
Secure Shell 2 (SSH2) is a feature of ExtremeWare that allows you to encrypt Telnet session data
between a network administrator using SSH2 client software and the switch, or to send encrypted data
from the switch to an SSH2 client on a remote system. Image and configuration files may also be
transferred to the switch using the Secure Copy Protocol 2 (SCP2)

User Authentication

Remote Authentication Dial In User Service (RADIUS, RFC 2138) is a mechanism for authenticating and
centrally administrating access to network nodes. The ExtremeWare RADIUS client implementation
allows authentication for Telnet, Vista, or console access to the switch.
Extreme switches are also capable of sending RADIUS accounting information. You can configure
RADIUS accounting servers to be the same as the authentication servers, but this is not required.
Terminal Access Controller Access Control System Plus (TACACS+) is a mechanism for providing
authentication, authorization, and accounting on a centralized server, similar in function to the RADIUS
client. The ExtremeWare version of TACACS+ is used to authenticate prospective users who are
attempting to administer the switch. TACACS+ is used to communicate between the switch and an
authentication database.
NOTE
You cannot use RADIUS and TACACS+ at the same time.
Network login is a feature designed to control the admission of user packets into a network by giving
addresses only to users that have been properly authenticated. Network login is controlled by an
administrator on a per port, per VLAN basis and uses an integration of DHCP, user authentication over
the web interface, and, sometimes, a RADIUS server to provide a user database or specific configuration
details.

Network Login

Network login has two modes of operation:
• Campus mode, used when a port in a VLAN will move to another VLAN when authentication has
been completed successfully. This mode is for the roaming user who will not always be using the
570 ExtremeWare Software 7.0.0 Command Reference Guide