Configuring Radius, User Accounts | IBM Partner Pavilion BMD00082

SmartConnect User’s Guide

RADIUS Authentication and Authorization

The VSE SmartConnect software supports the RADIUS (Remote Authentication Dial-in User Service) method to authenticate and authorize remote administrators for managing the switch. This method is based on a client/server model. The Remote Access Server (RAS)—the switch—is a client to the back-end database server. A remote user (the remote administrator) interacts only with the RAS, not the back-end server and database.

Configuring RADIUS

1.In the BBI, choose System Settings > Remote User Administration to configure RADIUS authentication.

2.In the Radius section of the window, enter the Primary Radius Server IP address and Radius secret.

3.Select enable for the Radius option.

4.Click Apply to make your changes active, and Save to retain changes beyond reboot.

User Accounts

The user accounts listed in Table 6-2 on page 72 can be defined in the RADIUS server dictio- nary file.

Table 6-2	User Access Levels

User Account	Description and Tasks Performed	Password

User	The User has no direct responsibility for switch management.	user
	The User can view all status information and statistics but cannot
	make any configuration changes to the switch.

Operator	The Operator manages all functions of the switch. The Operator	oper
	can reset ports or the entire switch.

Administrator	The Administrator has complete access to all menus, informa-	admin
	tion, and configuration commands on the switch, including the
	ability to change both the user and administrator passwords.

72 Chapter 6: Configuring Switch Access

BMD00082, February 2009

Image 74

IBM Partner Pavilion BMD00082 manual Radius Authentication and Authorization, Configuring Radius, User Accounts

Contents

User’s Guide SmartConnect User’s Guide Contents Switch Virtualization Part 2 BBI Reference Boot Management Switch Statistics SmartConnect User’s Guide Preface Who Should Use This User’s Guide Part 2 BBI Reference Part 1 Basic Concepts and ConfigurationWhat You’ll Find in This User’s Guide Typographic Conventions How to Get HelpTypographic Conventions 10 „ Preface Part 1 Basic Concepts & Configuration 12 „ Part 1 Basic Concepts & Configuration VSE SmartConnect Software Operation VSE SmartConnect Software Overview 14 „ VSE SmartConnect Software Operation Configuring the Chassis Processor Blades Configuring the Chassis Management SystemConfiguring the Upstream Networking Device VSE SmartConnect Software Quick Start 16 „ VSE SmartConnect Software Operation Requirements Web Browser Set UpGetting Started with the Browser- Based Interface ASmartConnect Login Prompt Starting the BBI Bbbi Startup Screen Loading the New Software Image Transferring the New Image to the SwitchUpdating the Software Image CBoot Management Window shown with Stacking enabled Uploading a Software Image from the Switch Selecting a Software Image to Run Selecting a Configuration Block Active, backup, or factory Resetting the Switch Switch Virtualization Virtual Machine Groups Virtual Switch GroupsPort Groups Link Aggregation Network Segmentation Port AccessVLANs Port-Based Vlan Tagging Defined VLANs Trunking External Trunks ATrunking External Ports Trunking Rules Statistical Load Distribution Built-In Fault ToleranceSwitch Failover Link Aggregation Control Protocol Setting the Number of Links to Trigger Failover Configuring Switch Failover Internal Trunks CTrunking Internal Ports Igmp Snooping Configuring a Backup Server Port ServerMobility General Configuration 1ServerMobility General Configuration Fields 2ServerMobility Port Configuration Fields Port ConfigurationConfiguration Dhcp Server Configuration SmartConnect User’s Guide 42 „ Switch Virtualization Stacking Stack Membership BackupStacking Requirements Master Master and Backup Selection Master and Backup Behavior Configuring a Stack Stack Member Numbers Configuring Each Switch Configure the Stack Trunk ports optional # cfg/stack/mif Viewing Stack Connections Additional Master ConfigurationLocating the Master Switch Internal Management IP Interface CStack Switch Configuration Window Binding Members to the Stack Configuring an External IP Address for the Stack DStack IP Interfaces Configuration Window Managing a Stack EPort Status with Stacking Stacking Port Numbers Stacking Internal Port SettingsAdditional Internal Port Settings for Stacking Stacking VLANs Upgrading Stack Software Stacking Boot ManagementStacking Boot Management buttons Info/stack/pushstat Command Reference CLI Menus Menu Summary „ Statistics Menu „ Boot Options Menu Applying Pending Changes Viewing, Applying, and Saving ChangesViewing Pending Changes Saving the Configuration # save Configuring Switch Access Management Module Setup Switch IP Addresses, Based on Switch-Module Bay Numbers Factory Default vs. MM Assigned IP AddressesConfiguring the Default Gateway Configuring Management Module for Switch Access ASwitch Configuration in the Management Module Window Cfg/sys/access/https/access e Using Telnet Connect to the Switch via SSH Access via Https Using the Browser-Based InterfaceAccess via Http Https//192.168.70.127 Securing Access to the Switch Setting Allowable Source IP Address Ranges Configuring an IP Address Range for the Management Network User Access Levels Radius Authentication and AuthorizationConfiguring Radius User Accounts User Name/Access User-Service-Type Value 3SmartConnect-Proprietary Attributes for Radius Authorization TACACS+ AuthenticationTACACS+ Authentication Features Configuring TACACS+ Authentication End User Access Control Considerations for Configuring End User Accounts Configuring End-User Access Control Logging in to an End-User Account Protected Mode CSwitch Protected Mode Configuration Window Secure Shell and Secure Copy Configuring SSH/SCP Features Enabling or Disabling SCP Apply and Save To Log In to the Switch Configuring the SCP Administrator PasswordUsing SSH and SCP Client Commands To Download the Switch Configuration Using SCP To Upload the Configuration to the Switch Apply and Save the Configuration SSH and SCP Encryption of Management Messages Generating RSA Host and Server Keys for SSH Access Cfg/sys/sshd/skeygen Using SecurID with SSH SSH/SCP Integration with Radius AuthenticationSSH/SCP Integration with TACACS+ Authentication SecurID Support Using SecurID with SCP 86 „ Configuring Switch Access Part 2 BBI Reference 88 „ Part 2 BBI Reference Understanding the Browser-Based Interface SmartConnect BBI Screen AMain VSE SmartConnect Software Screen Port Status Area 1Port Status Colors Menu Area Bvse SmartConnect Software Menu Area Configuration Window Configuration Buttons 94 „ Understanding the Browser-Based Interface Virtual Switch Groups Port Groups Virtual Machine Groups Link Aggregation Assigning Ports to VSGs Virtual Switch Groups MembershipSwitch Management Ports Assigning Virtual Machines to VSGs Switch Failover Virtual Switch Groups SettingsDelete Virtual Switch Group Settings Igmp Snooping Reset to DefaultLink Aggregation Control Protocol Bpdu Policy Virtual Switch Groups ACL QoS Add or remove ACLs or ACL sets for the specified VSG ports Switch Policies Internal Port Settings Internal Port Settings Fields External Port Settings 2External Port Settings Fields Management Port Settings Management Port Settings Fields Port Mirroring Searching for an Existing ACL Access Control ListsACL Configuration Table Adding a New ACL „ or Add or Edit ACLs Access Control List4ACL Configuration Fields Number, just as with sport above 6ACL Remarking Configuration Fields ACL Metering Settings5ACL Metering Configuration Fields ACL Remark Control Access Control List Sets 7ACL Sets Configuration Fields Quality of Service Ieee 8021p for MAC-Level QoS 8DSCP Configuration Fields DiffServ Code Point QoS 4FB2F3A86E3435548B0BD82DF2B7E949 ServerMobility General Configuration 9ServerMobility General Configuration Fields ServerMobility Port Configuration 10ServerMobility Port Configuration Fields System Settings 1SNMP Management Fields Management SettingsSystem Log 2Management Fields General Settings 3General Configuration Fields Built-In Users Local User Administration4Built-In User Administration Fields User Configuration 5Local User Administration Fields Remote User Administration 6RADIUS Fields TACACS+ 7TACACS+ Fields NTP Settings Time Services SettingsGeneral Settings 8Time Services General Settings Fields 10ErrDisable Configuration Fields ErrDisable System SettingsSwitch Protected Mode 11Management Network Configuration Fields Management Network SettingsBootstrap Protocol Settings 12BOOTP Configuration Fields Switch Telnet Settings SSH/Telnet SettingsSwitch SSH Settings 13SSH Configuration Fields Virtual Machine Group Settings 15VM Group Configuration Fields Syslog Settings Stack Switch Configuration Fields Stacking ConfigurationStack Switch Configuration „ Stack Switch Configuration on „ Managing a Stack on Stack IP Interfaces 132 „ System Settings Boot Management General Boot Settings Boot Management buttons Figuration block Boot Schedule 2Boot Schedule Fields 136 „ Boot Management Switch Information Access Control List Information Access Control List Sets Information ARP Cache Information Bootstrap Protocol Relay Information2BOOTP Relay Information Fields 1ARP Cache Information Fields Forwarding Database Information 3FDB Information Fields Virtual Switch Group Information 4Virtual Switch Group Information Fields Igmp Snooping Multicast Router Ports Igmp InformationIgmp Multicast Groups 5IGMP Multicast Groups information IP Information Default Gateways8Default Gateway information IP Interfaces Link Status Information 9Link Status information ServerMobility General Information 10ServerMobility General information ServerMobility Port Information Server Mobility Port information SNMPv3 Information 12SNMPv3 information SNMPv3 information VacmSecurityToGroup Table Syslog Messages SnmpTargetParams Table Transceiver information Port Transceiver StatusTrunk Groups Information Trunk Group information Virtual Machine Group Information User Access informationUser Information VM Group information 152 „ Switch Information 1ACL Statistics Switch StatisticsAccess Control List Statistics Layer 3 Statistics Address Resolution Protocol StatisticsFDB Statistics 2FDB Statistics Icmp Statistics 4ICMP Statistics TCP Statistics 5TCP Statistics UDP Statistics 6UDP Statistics Igmp Group Snooping Statistics Summary 7IGMP Snooping Statistics IP Statistics 8IP Statistics MP-Specific Information Dont Fragment flag was set 9CPU Utilization CPU UtilizationMP Packet Statistics 10MP Packet Statistics Port Statistics Switch Ports Statistics SummaryNetwork Time Protocol Statistics NTP Statistics Symbols Index TACACS+