Overview of Security Methods

Only one password is allowed per access level. This enables the Radius Server to track the users accessing the switch host and how long they used the host application.

All Radius values, except the server IPs and shared secrets, are assigned reasonable default values when Radius is installed on a new switch. The defaults are as follows:

Client, disabled

Timeout, 20 seconds

Retries, 3

Primary and secondary Authentication ports: 1812 (per RFC 2865)

Primary and secondary Accounting ports: 1813 (per RFC 2866)

Last-resort for local and remote is CHALLENGE

If only one server is configured, it must be the primary server. It is not necessary to reboot after the client is reconfigured.

The client cannot be enabled unless the primary server is configured with at least the minimum configuration information.

NOTE: The minimum additional information that must be configured to use a server is its IP address and Shared Secret.

When the Radius Client is active on the switch, an authorization screen prompts you for a user login name and password when you attempt to access the host IP address via the local console LM, Telnet to LM, or the WebView application. The embedded Radius Client encrypts the information entered by the user and sends it to the Radius Server for validation. The server then returns a yes or no response to the client, which allows or denies the user access to the host application at the proper access level.
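How RFC 2865 protects the password in the client's Access-Request, as an added example (not code from the manual or from Enterasys). It assumes the switch follows RFC 2865 section 5.2; the function names and sample values are constructed. Only the User-Password attribute is hidden with the Shared Secret, while the user name is sent in clear.

```python
import hashlib
import os
import struct

ACCESS_REQUEST, USER_NAME, USER_PASSWORD = 1, 1, 2  # RFC 2865 code and attribute types


def _keystream(secret, prev):
    # Each 16-byte block is keyed by MD5(shared secret + previous block).
    return hashlib.md5(secret + prev).digest()


def hide_password(password, secret, authenticator):
    """Client side (RFC 2865 section 5.2): pad to 16-byte blocks, XOR with keystream."""
    if not 1 <= len(password) <= 128 or len(authenticator) != 16:
        raise ValueError("password must be 1..128 bytes, authenticator 16 bytes")
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        key = _keystream(secret, prev)
        prev = bytes(p ^ k for p, k in zip(padded[i:i + 16], key))
        out += prev
    return out


def reveal_password(hidden, secret, authenticator):
    """Server side: same keystream, chained on the received blocks."""
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        out += bytes(c ^ k for c, k in zip(block, _keystream(secret, prev)))
        prev = block
    return out.rstrip(b"\x00")


def access_request(ident, user, password, secret, authenticator=None):
    """Minimal Access-Request: code, identifier, length, authenticator, attributes."""
    authenticator = authenticator or os.urandom(16)
    hidden = hide_password(password, secret, authenticator)
    attrs = bytes([USER_NAME, 2 + len(user)]) + user        # sent in clear
    attrs += bytes([USER_PASSWORD, 2 + len(hidden)]) + hidden
    header = struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs))
    return header + authenticator + attrs


if __name__ == "__main__":
    # Constructed sample values, not taken from the manual.
    pkt = access_request(7, b"admin", b"s3cret-pass", b"shared-secret")
    print(len(pkt), pkt.hex())
```

The hidden password is recoverable by anyone who holds the Shared Secret and captures the request, so the secret should be long, random, and unique per switch.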

An access-accept response displays the message USER AUTHORIZATION = <ACCESS LEVEL> for 3 seconds, after which the main screen of the application is displayed. An access-denied response causes an audible “beep” and returns the screen to the user name prompt.

If the Radius Client cannot receive a response from the Radius Server because the Radius Server is down or inaccessible, the Radius Client times out after the default value of 20 seconds.

Accessing Local Management 3-13

Enterasys Networks 2H258, 2E253, 2H253, 2H252 manual Overview of Security Methods