Overview of Security Methods

3.4 OVERVIEW OF SECURITY METHODS

Six security methods are available to control which users are allowed access to the switch’s host to monitor and control the switch.

Login Security Password – used to access the Device Menu screen to start a Local Management session via a Telnet connection or local COM port connection. Whenever a connection is made to the switch, the Local Management Password screen displays. Before continuing, you must enter a login password, which is compared to the stored passwords and associated management level access policies configured using the Security screen described in Section 3.5.

SNMP Community String – allows access to the switch via a network SNMP management application. To access the switch, you must enter an SNMP Community Name string. The level of management access is dependent on the SNMP Community Name and the associated Access Policy configured in the SNMP Community Names Configuration screen described in Section 4.4.

NOTES: You can set the same string as a Security login password and SNMP Community Name. This allows you to access and manage the switch whether you are starting a Local Management session via a Telnet connection or local COM port connection, or using a network SNMP management application.

If the login security password is different from the SNMP Community Name, the two cannot be used interchangeably to access the switch.

Host Access Control Authentication (HACA) – authenticates user access of Telnet management, console local management and WebView via a central Radius Client/Server application using the Password screen described in Section 3.6. For an overview of HACA and a description of how to set the access policy using the Radius Configuration screen, refer to Section 3.4.1 and Section 3.7.

Host Access Control List (ACL) – allows only the defined list of IP Addresses to communicate with the host for Telnet, WebView (HTTP) and SNMP. To set up these parameters, refer to the Host Access Control List (ACL) screen described in Section 4.6.

802.1X Port Based Network Access Control – provides a mechanism for administrators to securely authenticate and grant appropriate access to end user devices (supplicants) directly attached to switch ports. For more information, refer to Section 3.4.2.

MAC Authentication – provides a mechanism for administrators to securely authenticate and grant appropriate access to end user devices directly attached to switch ports. For more information, refer to Section 3.4.3.

Enterasys Networks 2H253, 2E253, 2H252, 2H258 manual Overview of Security Methods