User Management and Security; Authentication, Authorization and Accounting (AAA); Mellanox Technologies Confidential - Mellanox Technologies Mellanox SX1018 User Manual

Ethernet managed blade switch

To block sending mDNS traffic from the management interface, use the following command:
switch (config) # no ha dns enable
switch (config) #
4.10 User Management and Security

4.10.1 Authentication, Authorization and Accounting (AAA)

AAA is a framework for intelligently controlling access to computer resources, enforcing policies, auditing usage, and providing the information necessary to bill for services. These combined processes are considered important for effective network management and security. The AAA feature allows you to verify the identity of, grant access to, and track the actions of users managing the MLNX-OS switch. The MLNX-OS switch supports the Remote Authentication Dial-In User Service (RADIUS) and Terminal Access Controller Access-Control System Plus (TACACS+) protocols.
• Authentication - authentication provides the initial method of identifying each individual user, typically by entering a valid username and password before access is granted. The AAA server compares a user's authentication credentials with the user credentials stored in a database. If the credentials match, the user is granted access to the network or devices. If the credentials do not match, authentication fails and network access is denied.
• Authorization - following authentication, a user must gain authorization to perform certain tasks. After logging into a system, for instance, the user may try to issue commands. The authorization process determines whether the user has the authority to issue such commands. Simply put, authorization is the process of enforcing policies: determining what types or qualities of activities, resources, or services a user is permitted. Usually, authorization occurs within the context of authentication. Once you have authenticated a user, they may be authorized for different types of access or activity.
• Accounting - the last level is accounting, which measures the resources a user consumes during access. This includes the amount of system time or the amount of data a user has sent and/or received during a session. Accounting is carried out by logging session statistics and usage information, and is used for authorization control, billing, trend analysis, resource utilization, and capacity planning activities.
Authentication, authorization, and accounting services are often provided by a dedicated AAA server, a program that performs these functions. Network access servers interface with AAA servers using the Remote Authentication Dial-In User Service (RADIUS) protocol.
For information on the AAA commands, please refer to the Mellanox MLNX-OS Command Reference Guide.
4.10.1.1 RADIUS
RADIUS (Remote Authentication Dial-In User Service), widely used in network environments,
is a client/server protocol and software that enables remote access servers to communicate with a
central server to authenticate dial-in users and authorize their access to the requested system or
service. It is commonly used for embedded network devices such as routers, modem servers,
switches and so on. RADIUS is currently the de-facto standard for remote authentication. It is
prevalent in both new and legacy systems.

Rev 1.6.9


This manual is also suitable for:

Sx1018hp
