Quick Steps For Setting Up Asa - Alcatel-Lucent OmniSwitch 6450 Management Manual

Managing Switch Security

Quick Steps for Setting Up ASA

1 If the local user database is used for user login information, set up user accounts through the user
command. User accounts includes user privileges or an end-user profile. In this example, user privileges
are configured:
-> user thomas password pubs read-write domain-network ip-helper telnet
If SNMP access is configured for the user, the global SNMP setting for the switch can be configured
through the snmp security
information about setting up user accounts.
2 If an external RADIUS or LDAP server will is used for user login information, use the
aaa radius-server or
servers. For example:
-> aaa radius-server rad1 host 10.10.1.2 timeout 3
For more information, see the "Managing Authentication Servers" chapter in the OmniSwitch 6250/6450
Network Configuration Guide.
3 Use the aaa authentication
access is permitted (such as console, telnet, ftp, http, or ssh). Specify the server and backup servers to be
used for checking user login and privilege information. Multiple servers of different types can be
specified. For example:
-> aaa authentication telnet rad1 ldap2 local
The order of the server names is important. The switch uses the first available server in the list. In this
example, the switch would use rad1 to authenticate Telnet users. If rad1 becomes unavailable, the switch
will use ldap2. If ldap2 then becomes unavailable, the switch will use the local user database to authenti-
cate users.
4 Repeat step 3 for each management interface to which you want to configure access; or use the default
keyword to specify access for all interfaces for which access is not specifically denied. For example, if
you want to configure access for all management interfaces except HTTP, you would enter:
-> no aaa authentication http
-> aaa authentication default rad1 local
Note the following:
• SNMP access can only use LDAP servers or the local user database. If you configure the default
management access with only RADIUS and/or ACE, SNMP will not be enabled.
• It is recommended that Telnet and FTP be disabled if Secure Shell (ssh) is enabled.
• If you want to use WebView to manage the switch, make sure HTTP is enabled.
5 Specify an accounting server if a RADIUS or LDAP server will be used for accounting. Specify local
if accounting can be done on the switch through the Switch Logging feature. Multiple servers can be
specified as backups.
-> aaa accounting session ldap2 local
OmniSwitch 6250/6450 Switch Management Guide
command. See Chapter 9, "Managing Switch User Accounts,"
aaa tacacs+-server commands to configure the switch to communicate with these
command to specify the management interface through which switch
June 2013
Quick Steps for Setting Up ASA
for more
page 10-7