Manuals / Blade ICE / Computer Equipment / Personal Computer

Blade ICE G8124-E manual SSH/SCP Integration with TACACS+ Authentication, SecurID Support

Models: G8124-E G8124

1 388
Download 388 pages 26.11 Kb
Page 61
Image 61

BLADEOS 6.5.2 Application Guide

SSH/SCP Integration with TACACS+ Authentication

SSH/SCP is integrated with TACACS+ authentication. After the TACACS+ server is enabled on the switch, all subsequent SSH authentication requests will be redirected to the specified TACACS+ servers for authentication. The redirection is transparent to the SSH clients.

SecurID Support

SSH/SCP can also work with SecurID, a token card-based authentication method. The use of SecurID requires the interactive mode during login, which is not provided by the SSH connection.

Note – There is no SNMP or Browser-Based Interface (BBI) support for SecurID because the SecurID server, ACE, is a one-time password authentication and requires an interactive session.

Using SecurID with SSH

Using SecurID with SSH involves the following tasks.

￿To log in using SSH, use a special username, “ace,” to bypass the SSH authentication.

￿After an SSH connection is established, you are prompted to enter the username and password (the SecurID authentication is being performed now).

￿Provide your username and the token in your SecurID card as a regular Telnet user.

Using SecurID with SCP

Using SecurID with SCP can be accomplished in two ways:

￿Using a RADIUS server to store an administrator password.

You can configure a regular administrator with a fixed password in the RADIUS server if it can be supported. A regular administrator with a fixed password in the RADIUS server can perform both SSH and SCP with no additional authentication required.

￿Using an SCP-only administrator password.

Set the SCP-only administrator password (ssh scp-password) to bypass checking SecurID.

An SCP-only administrator’s password is typically used when SecurID is not used. For example, it can be used in an automation program (in which the tokens of SecurID are not available) to back up (download) the switch configurations each day.

Note – The SCP-only administrator’s password must be different from the regular administrator’s password. If the two passwords are the same, the administrator using that password will not be allowed to log in as an SSH user because the switch will recognize him as the SCP-only administrator. The switch will only allow the administrator access to SCP commands.

BMD00220, October 2010

Chapter 3: Securing Administration ￿ 61

Page 60 Page 62
Page 61
Image 61
Blade ICE G8124-E manual SSH/SCP Integration with TACACS+ Authentication, SecurID Support, Using SecurID with SSH
Page 60 Page 62

G8124-E, G8124 specifications

The Blade ICE G8124 is a cutting-edge networking solution designed for high-performance data center environments. It has emerged as a popular choice among organizations that require reliable and efficient network infrastructure to support their growing demands for bandwidth and low-latency connectivity.

One of the key features of the Blade ICE G8124 is its high port density. This networking device typically offers 24 ports of 10 Gigabit Ethernet, ensuring that businesses can connect numerous devices without requiring extensive physical space. The design is also scalable, accommodating future expansion as organizational needs grow.

Another significant aspect of the G8124 is its advanced switching capabilities. It utilizes a non-blocking architecture, enabling simultaneous data transmissions on all ports. This characteristic ensures that there is no bottleneck in the network traffic, providing the high performance needed in data-intensive applications.

The G8124 incorporates various technologies to enhance its functionalities. It supports Layer 2 and Layer 3 switching, making it versatile for different networking needs. Additionally, it features comprehensive Quality of Service (QoS) settings that prioritize critical applications, such as VoIP and video streaming, ensuring smooth operation even under heavy loads.

In terms of security, the Blade ICE G8124 provides robust measures to protect the network. It supports features such as Access Control Lists (ACLs), port security, and VLANs, allowing administrators to segment the network and restrict unauthorized access. These security capabilities are vital in today’s landscape, where cyber threats are increasingly common.

Moreover, the G8124 offers excellent management features. It includes an intuitive user interface for easy configuration and monitoring of network performance. SNMP support allows integration with network management systems, providing administrators with insights needed to optimize their operations.

Power efficiency is also a hallmark of the Blade ICE G8124. It employs energy-saving technologies that reduce operational costs, an essential factor for environmentally-conscious organizations striving to minimize their carbon footprint.

In summary, the Blade ICE G8124 stands out with its high port density, advanced switching capabilities, robust security features, and efficient management options. This networking solution is designed to meet the demands of modern data centers, providing the performance, reliability, and scalability that organizations require. With its innovative technologies, the G8124 ensures that businesses can navigate the complexities of today's networking landscape effectively.