Alcatel OmniSwitch/Router Betriebsanweisung Seite 275
- Seite / 346
- Inhaltsverzeichnis
- FEHLERBEHEBUNG
- LESEZEICHEN
Bewertet. / 5. Basierend auf Kundenbewertungen
Managing Switch Security Authenticated Switch Access
OmniSwitch 6250/6450 Switch Management Guide May 2012 page 10-5
The following illustration shows the two different user types attempting to authenticate with an ACE/
Server:
Note. A RADIUS server supporting the challenge and response mechanism as defined in RADIUS
RFC 2865 can access an ACE/Server for authentication purposes. The ACE/Server is then used for user
authentication, and the RADIUS server is used for user authorization.
Interaction With the User Database
By default, switch management users can be authenticated through the console port via the local user data-
base. If external servers are configured for other management interfaces (such as Telnet, or HTTP), but the
servers become unavailable, the switch will poll the local user database for login information.
Access to the console port provides secure failover in case of misconfiguration or if external authentica-
tion servers become unavailable. The admin user is always authorized through the console port via the
local database (provided the correct password is supplied), even if access to the console port is disabled.
The database includes information about whether or not a user is able to log into the switch and which
kinds of privileges or rights the user has for managing the switch. The database can be set up by the
admin user or any user with write privileges to the AAA commands.
See Chapter 9, “Managing Switch User Accounts,” for more information about setting up the user data-
base.
ASA and Authenticated VLANs
Layer 2 Authentication uses Authenticated VLANs to authenticate users through the switch out to a
subnet. Authenticated Switch Access authenticates users into the switch to manage it. The features are
independent of each other; however, user databases for each feature can be located on the same authentica-
tion server.
For more information on authenticated VLANs, and authentication servers, see “Configuring Authenti-
cated VLANs” and “Configuring Authentication Servers” in the
OmniSwitch 6250/6450 Network Configuration Guide.
The switch polls the server
for login information; end-
user profiles are stored on
the switch.
ACE/Server
OmniSwitch
login request
The switch polls the server
for login information; privi-
leges are stored on the
switch.
ACE/Server
Authentication-Only Server (ACE/Server)
Customer
login request
OmniSwitch
Network Administrator
user
privilege
s
end-user
profiles
- OmniSwitch 6250/6450 1
- Switch Management Guide 1
- Contents 10
- About This Guide 13
- Who Should Read this Manual? 14
- What is in this Manual? 14
- What is Not in this Manual? 15
- Documentation Roadmap 16
- Related Documentation 18
- User Manual CD 20
- Technical Support 20
- 1 Managing System Files 21
- File Transfer 23
- Switch Directories 24
- File and Directory Management 25
- Using Wildcards 27
- Directory Commands 28
- Changing Directories 29
- Displaying Directory Contents 30
- Making a New Directory 31
- Copying an Existing Directory 32
- File Commands 34
- Secure Copy an Existing File 35
- Delete an Existing File 36
- Managing Files on Switches 37
- Utility Commands 38
- Using Secure Shell FTP 43
- Using TFTP to Transfer Files 45
- Using Zmodem 45
- Directories on the Switch 47
- Available Image Files 48
- Verifying Directory Contents 55
- Installing Software Licenses 56
- Licensed Features 57
- Setting the System Clock 59
- Enabling DST 62
- 2 Logging Into the Switch 65
- Login Specifications 67
- Login Defaults 67
- Management Interfaces 70
- User Accounts 71
- Using Telnet 72
- Using FTP 74
- Secure Shell Interface 77
- Secure Shell Authentication 79
- Connection Phase 80
- Modifying the Login Banner 85
- Configuring Login Parameters 87
- Enabling the DNS Resolver 88
- Verifying Login Settings 89
- 3 Using SNMP 91
- SNMP Specifications 92
- SNMP Defaults 92
- Using SNMP SNMP Defaults 93
- Management Station 94
- Filtering by Trap Families 95
- Filtering by Individual Traps 96
- SNMP Overview 97
- SNMP Versions 98
- Using SNMP SNMP Overview 99
- Configuring Community Strings 100
- Setting SNMP Security 102
- Working with SNMP Traps 103
- Authentication Trap 104
- Trap Management 104
- SNMP MIB Information 105
- Industry Standard MIBs 106
- Enterprise (Proprietary) MIBs 110
- 4 Configuring Network Time 115
- Protocol (NTP) 115
- NTP Specifications 116
- NTP Defaults Table 116
- NTP Quick Steps 117
- NTP Overview 119
- Using NTP in a Network 120
- Authentication 122
- Configuring NTP 123
- NTP Servers 124
- Setting the Version Number 125
- Marking a Server as Preferred 125
- Using Authentication 126
- Verifying NTP Configuration 127
- 5 Managing CMM 129
- Directory Content 129
- CMM Specifications 130
- CMM Files 131
- Software Rollback Feature 132
- Redundancy 137
- (Non-Redundant) 141
- Scheduling a Reboot 142
- Cancelling a Scheduled Reboot 142
- -> show reload 143
- -> show reload status 143
- Working Certified 144
- Primary CMM 144
- -> write memory 145
- Cancelling a Rollback Timeout 148
- -> copy working certified 150
- -> copy certified working 150
- Show Switch Files 152
- Rebooting the Switch 153
- -> copy flash-synchro 156
- -> takeover 157
- Using the USB Flash Drive 160
- Disaster Recovery Using USB 161
- Displaying CMM Conditions 163
- 6 Using the CLI 165
- CLI Specifications 166
- CLI Overview 167
- Text Conventions 168
- Using “Show” Commands 169
- Using the “No” Form 169
- Using “Alias” Commands 169
- Partial Keyword Completion 170
- Command Help 171
- Debug UPDATE, SHOW, NO, DEBUG 172
- Command Set Name Commands 172
- CLI Services 175
- Inserting Characters 176
- Syntax Checking 177
- Prefix Recognition 177
- Show Prefix 178
- Command History 179
- Enabling Command Logging 181
- Disabling Command Logging 181
- Changing the Screen Size 183
- Changing the CLI Prompt 183
- Displaying Table Information 184
- Filtering Table Information 185
- Multiple User Sessions 186
- Terminating Another Session 188
- Application Example 189
- Verifying CLI Usage 191
- 7 Working With 193
- Configuration Files 193
- Configuration Files Overview 198
- Cancelling a Timed Session 199
- Setting the Error File Limit 200
- Displaying a Text File 201
- Text Editing on the Switch 201
- Snapshot Feature List 202
- User-Defined Naming Options 203
- Editing Snapshot Files 203
- Example Snapshot File Text 204
- Verifying File Configuration 206
- 8 Managing Automatic 207
- Remote Configuration 207
- Download 207
- • Pathname: 255 characters 208
- • Filename: 63 characters 208
- Overview 211
- Network Components 212
- LED Status 213
- UDP/DHCP Relay 214
- Process Illustration 216
- Additional Process Notes 217
- Download Component Files 218
- Instruction File Syntax 219
- Firmware Upgrade Files 220
- Bootup Configuration File 220
- Debug Configuration File 221
- Script File 221
- Aggregate Association 222
- Nearest-Edge Mode Operation 226
- Access Switch 227
- Zero Touch License Upgrade 228
- Troubleshooting 229
- Script File Errors 230
- Error Description Table 231
- 9 Managing Switch User 233
- Accounts 233
- User Database Specifications 234
- User Account Defaults 234
- Overview of User Accounts 236
- “Managing Switch Security.” 237
- Startup Defaults 238
- Default User Settings 241
- How User Settings Are Saved 243
- Creating a User 244
- Removing a User 245
- User-Configured Password 246
- 4 Enter the password again 247
- Default Password Expiration 252
- -> user password-history 2 253
- -> user password-history 0 253
- -> user password-min-age 7 254
- -> user lockout-window 30 255
- -> user lockout j_smith 258
- -> user unlock j_smith 258
- -> user thomas no snmp 263
- Setting Up End-User Profiles 264
- Creating End-User Profiles 265
- 10 Managing Switch Security 271
- Switch Security Defaults 272
- Switch Security Overview 273
- Authenticated Switch Access 274
- ASA and Authenticated VLANs 275
- Enabling Switch Access 280
- Using Secure Shell 281
- 11 Using WebView 285
- WebView CLI Defaults 286
- Browser Setup 286
- WebView CLI Commands 287
- Enabling/Disabling SSL 288
- Changing the HTTPS Port 288
- WebView Overview 289
- Toolbar 290
- View/Configuration Area 291
- A Software License and 293
- Copyright Statements 293
- C. Linux 297
- E. University of California 302
- G.Random.c 302
- H. Apptitude, Inc 303
- I. Agranat 303
- J. RSA Security Inc 303
- K. Sun Microsystems, Inc 304
- L. Wind River Systems, Inc 304
- N.Remote-ni 305
- O.GNU Zip 305
- Q.Boost C++ Libraries 306
- R. U-Boot 306
- S. Solaris 306
- U. CURSES 307
- V. Z M o d e m 307
- W.Boost Software License 307
- X. OpenLDAP 307
- Y. B IT M A P.C 308
- Z. University of Toronto 308
- AA.Free/OpenBSD 308
- B SNMP Trap Information 309
- SNMP Traps Table 310
- alaPimGroup 327
Verwandte Produkte und Handbücher für Vernetzung Alcatel OmniSwitch/Router
(8 Seiten)© 2020, manymanuals.de. Alle Rechte vorbehalten. | 0.073 s |
Manymanuals.com
Manymanuals.de
Manymanuals.fr
Manymanuals.it
Manymanuals.pl
Manymanuals.cz
Manymanuals.es
Manymanuals-pt.com
Kommentare zu diesen Handbüchern