Setting Up Management Interfaces For Asa - Alcatel-Lucent OmniSwitch 6450 Management Manual


Managing Switch Security

Setting Up Management Interfaces for ASA

By default, authenticated access is available through the console port. Access through other management interfaces is disabled. Other management interfaces include Telnet, FTP, HTTP, Secure Shell, and SNMP. This chapter describes how to set up access for management interfaces. For more details about particular management interfaces and how they are used, see Chapter 2, "Logging Into the Switch."

To give switch access to management interfaces, use the aaa authentication command to allow or deny access to each interface type; the default keyword can be used to configure access for all interface types. Specify the server(s) to be used for authentication through the indicated management interface.

Keywords used for specifying management interfaces are listed here:

keywords
console
telnet
ftp
http
ssh
snmp
default

ssh is the keyword used to specify Secure Shell.

To specify an external authentication server or servers, use the RADIUS or LDAP server name or the keyword ace for an ACE/Server. To specify that the local user database must be used for authentication, use the local keyword. Up to four servers can be specified.

RADIUS and LDAP servers are set up to communicate with the switch via the aaa radius-server and aaa tacacs+-server commands. ACE/Servers do not require any configuration, but you must FTP the sdconf.rec file from the server to the switch's network directory. For more information about configuring the switch to communicate with these servers, see the "Managing Authentication Servers" chapter of the OmniSwitch 6250/6450 Network Configuration Guide.

Note. RADIUS or LDAP servers used for authenticated switch access can also be used with authenticated VLANs. Authenticated VLANs are described in the "Configuring Authenticated VLANs" chapter of the OmniSwitch 6250/6450 Network Configuration Guide.

The order of the specified servers is important. The switch uses only one server for authentication—the first available server in the list. All authentication attempts will be tried on that server. Other servers are not tried, even if they are available. If local is specified, it must be last in the list since the local user database is always available when the switch is up.

Servers can also be used for accounting, or logging, of authenticated sessions. See "Configuring Accounting for ASA" on page 10-12.

The following table describes the management access interfaces or methods and the types of authentication servers that can be used with them:

Server Type    Management Access Method
RADIUS         Telnet, FTP, HTTP, Secure Shell
LDAP           Telnet, FTP, HTTP, Secure Shell, SNMP
ACE/Server     Telnet, FTP, HTTP, Secure Shell
local          console, FTP, HTTP, Secure Shell, SNMP

OmniSwitch 6250/6450 Switch Management Guide, June 2013, page 10-9
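
The rules in this section (valid interface keywords, at most four servers, local last, the server-type table, and first-available server selection) written as a small audit script. This is an added example, not part of the manual: the line shape "aaa authentication <interface> <server>..." is taken from the description above, and the server names rad1, rad2, ldap1 and their type inventory are constructed. It also assumes the four-server limit counts every entry on the line, local included.

```python
# Added example, not from the manual. Server names and INVENTORY are constructed.
INTERFACES = {"console", "telnet", "ftp", "http", "ssh", "snmp", "default"}
# Access methods each server type supports, transcribed from the table above.
ALLOWED = {
    "radius": {"telnet", "ftp", "http", "ssh"},
    "ldap": {"telnet", "ftp", "http", "ssh", "snmp"},
    "ace": {"telnet", "ftp", "http", "ssh"},
    "local": {"console", "ftp", "http", "ssh", "snmp"},
}
INVENTORY = {"rad1": "radius", "rad2": "radius", "ldap1": "ldap"}  # name -> type

def parse(line):
    """Split 'aaa authentication <interface> <server>...' into (interface, servers)."""
    tokens = line.split()
    if tokens[:2] != ["aaa", "authentication"] or len(tokens) < 4:
        raise ValueError(f"not an aaa authentication line: {line!r}")
    return tokens[2], tokens[3:]

def audit(line, inventory=INVENTORY):
    """Return findings for one line; an empty list means no rule is violated."""
    iface, servers = parse(line)
    findings = []
    if iface not in INTERFACES:
        findings.append(f"unknown interface keyword {iface!r}")
    if len(servers) > 4:  # assumption: the limit counts every entry, local included
        findings.append("more than four servers specified")
    if "local" in servers[:-1]:
        findings.append("local must be last in the list")
    for name in servers:
        kind = name if name in ("local", "ace") else inventory.get(name)
        if kind is None:
            findings.append(f"server {name!r} is not defined")
        elif iface in INTERFACES - {"default"} and iface not in ALLOWED[kind]:
            findings.append(f"{kind} server {name!r} is not usable for {iface}")
    return findings

def acting_server(servers, reachable):
    """Return the one server the switch consults: the first available in the list."""
    for name in servers:
        if name == "local" or name in reachable:  # local is always available
            return name
    return None  # nothing available: no authentication source for this interface

if __name__ == "__main__":
    for line in ("aaa authentication ssh rad1 ldap1 local",
                 "aaa authentication snmp local rad1",
                 "aaa authentication default rad1 rad2 ldap1 ace local"):
        print(line, "->", audit(line) or "ok")
    order = parse("aaa authentication ssh rad1 ldap1 local")[1]
    print(acting_server(order, {"rad1", "ldap1"}), acting_server(order, set()))
```

Because only the first available server is consulted, the last call shows the local user database becoming the sole authority for the interface when no external server is reachable.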
