Using SecurID with SCP | IBM Partner Pavilion BMD00082 specification

SmartConnect User’s Guide

Using SecurID with SCP

Using SecurID with SCP can be accomplished in two ways:

Using a RADIUS server to store an administrator password.

You can configure a regular administrator with a fixed password in the RADIUS server if it can be supported. A regular administrator with a fixed password in the RADIUS server can perform both SSH and SCP with no additional authentication required.

Using a SCP-only administrator password.

Use the /cfg/sys/sshd/scpadm command to bypass the checking of SecurID.

A SCP-only administrator’s password is typically used when SecurID is used. For exam- ple, it can be used in an automation program (in which the tokens of SecurID are not avail- able) to back up (download) the switch configurations each day.

Note – The SCP-only administrator’s password must be different from the regular administra- tor’s password. If the two passwords are the same, the administrator using that password will not be allowed to log in as a SSH user because the switch will recognize him as the SCP-only administrator. The switch allows only the administrator access to SCP commands.

BMD00082, February 2009

Chapter 6: Configuring Switch Access 85

Image 87

IBM Partner Pavilion BMD00082 manual Using SecurID with SCP

Contents

User’s Guide SmartConnect User’s Guide Contents Switch Virtualization Part 2 BBI Reference Boot Management Switch Statistics SmartConnect User’s Guide Who Should Use This User’s Guide Preface Part 1 Basic Concepts and Configuration What You’ll Find in This User’s GuidePart 2 BBI Reference How to Get Help Typographic ConventionsTypographic Conventions 10 „ Preface Part 1 Basic Concepts & Configuration 12 „ Part 1 Basic Concepts & Configuration VSE SmartConnect Software Overview VSE SmartConnect Software Operation 14 „ VSE SmartConnect Software Operation VSE SmartConnect Software Quick Start Configuring the Chassis Management SystemConfiguring the Upstream Networking Device Configuring the Chassis Processor Blades 16 „ VSE SmartConnect Software Operation Web Browser Set Up Getting Started with the Browser- Based InterfaceRequirements Starting the BBI ASmartConnect Login Prompt Bbbi Startup Screen Transferring the New Image to the Switch Updating the Software ImageLoading the New Software Image CBoot Management Window shown with Stacking enabled Selecting a Software Image to Run Uploading a Software Image from the Switch Active, backup, or factory Selecting a Configuration Block Resetting the Switch Switch Virtualization Virtual Switch Groups Port GroupsVirtual Machine Groups Link Aggregation Port-Based Vlan Tagging Port AccessVLANs Network Segmentation Defined VLANs Trunking ATrunking External Ports External Trunks Trunking Rules Link Aggregation Control Protocol Built-In Fault ToleranceSwitch Failover Statistical Load Distribution Configuring Switch Failover Setting the Number of Links to Trigger Failover CTrunking Internal Ports Internal Trunks Igmp Snooping ServerMobility Configuring a Backup Server Port 1ServerMobility General Configuration Fields General Configuration Port Configuration Configuration2ServerMobility Port Configuration Fields Dhcp Server Configuration SmartConnect User’s Guide 42 „ Switch Virtualization Stacking Master BackupStacking Requirements Stack Membership Master and Backup Selection Master and Backup Behavior Stack Member Numbers Configuring a Stack Configure the Stack Trunk ports optional Configuring Each Switch # cfg/stack/mif Additional Master Configuration Locating the Master Switch Internal Management IP InterfaceViewing Stack Connections Binding Members to the Stack CStack Switch Configuration Window DStack IP Interfaces Configuration Window Configuring an External IP Address for the Stack EPort Status with Stacking Managing a Stack Stacking VLANs Stacking Internal Port SettingsAdditional Internal Port Settings for Stacking Stacking Port Numbers Stacking Boot Management Stacking Boot Management buttonsUpgrading Stack Software Info/stack/pushstat Command Reference Menu Summary CLI Menus „ Statistics Menu „ Boot Options Menu Viewing, Applying, and Saving Changes Viewing Pending ChangesApplying Pending Changes # save Saving the Configuration Management Module Setup Configuring Switch Access Factory Default vs. MM Assigned IP Addresses Configuring the Default GatewaySwitch IP Addresses, Based on Switch-Module Bay Numbers ASwitch Configuration in the Management Module Window Configuring Management Module for Switch Access Cfg/sys/access/https/access e Connect to the Switch via SSH Using Telnet Using the Browser-Based Interface Access via HttpAccess via Https Https//192.168.70.127 Securing Access to the Switch Configuring an IP Address Range for the Management Network Setting Allowable Source IP Address Ranges User Accounts Radius Authentication and AuthorizationConfiguring Radius User Access Levels 3SmartConnect-Proprietary Attributes for Radius User Name/Access User-Service-Type Value Configuring TACACS+ Authentication TACACS+ AuthenticationTACACS+ Authentication Features Authorization Considerations for Configuring End User Accounts End User Access Control Logging in to an End-User Account Configuring End-User Access Control CSwitch Protected Mode Configuration Window Protected Mode Secure Shell and Secure Copy Enabling or Disabling SCP Apply and Save Configuring SSH/SCP Features Configuring the SCP Administrator Password Using SSH and SCP Client CommandsTo Log In to the Switch To Upload the Configuration to the Switch To Download the Switch Configuration Using SCP SSH and SCP Encryption of Management Messages Apply and Save the Configuration Cfg/sys/sshd/skeygen Generating RSA Host and Server Keys for SSH Access SecurID Support SSH/SCP Integration with Radius AuthenticationSSH/SCP Integration with TACACS+ Authentication Using SecurID with SSH Using SecurID with SCP 86 „ Configuring Switch Access Part 2 BBI Reference 88 „ Part 2 BBI Reference Understanding the Browser-Based Interface AMain VSE SmartConnect Software Screen SmartConnect BBI Screen 1Port Status Colors Port Status Area Bvse SmartConnect Software Menu Area Menu Area Configuration Buttons Configuration Window 94 „ Understanding the Browser-Based Interface Port Groups Virtual Switch Groups Link Aggregation Virtual Machine Groups Assigning Virtual Machines to VSGs Virtual Switch Groups MembershipSwitch Management Ports Assigning Ports to VSGs Virtual Switch Groups Settings Delete Virtual Switch Group SettingsSwitch Failover Bpdu Policy Reset to DefaultLink Aggregation Control Protocol Igmp Snooping Add or remove ACLs or ACL sets for the specified VSG ports Virtual Switch Groups ACL QoS Switch Policies Internal Port Settings Fields Internal Port Settings 2External Port Settings Fields External Port Settings Management Port Settings Fields Management Port Settings Port Mirroring Access Control Lists ACL Configuration TableSearching for an Existing ACL „ or Adding a New ACL Access Control List 4ACL Configuration FieldsAdd or Edit ACLs Number, just as with sport above ACL Remark Control ACL Metering Settings5ACL Metering Configuration Fields 6ACL Remarking Configuration Fields 7ACL Sets Configuration Fields Access Control List Sets Ieee 8021p for MAC-Level QoS Quality of Service DiffServ Code Point QoS 8DSCP Configuration Fields 4FB2F3A86E3435548B0BD82DF2B7E949 9ServerMobility General Configuration Fields ServerMobility General Configuration 10ServerMobility Port Configuration Fields ServerMobility Port Configuration System Settings 2Management Fields Management SettingsSystem Log 1SNMP Management Fields 3General Configuration Fields General Settings Local User Administration 4Built-In User Administration FieldsBuilt-In Users 5Local User Administration Fields User Configuration 6RADIUS Fields Remote User Administration 7TACACS+ Fields TACACS+ 8Time Services General Settings Fields Time Services SettingsGeneral Settings NTP Settings ErrDisable System Settings Switch Protected Mode10ErrDisable Configuration Fields 12BOOTP Configuration Fields Management Network SettingsBootstrap Protocol Settings 11Management Network Configuration Fields 13SSH Configuration Fields SSH/Telnet SettingsSwitch SSH Settings Switch Telnet Settings 15VM Group Configuration Fields Virtual Machine Group Settings Syslog Settings Stacking Configuration Stack Switch ConfigurationStack Switch Configuration Fields Stack IP Interfaces „ Stack Switch Configuration on „ Managing a Stack on 132 „ System Settings General Boot Settings Boot Management Figuration block Boot Management buttons 2Boot Schedule Fields Boot Schedule 136 „ Boot Management Switch Information Access Control List Sets Information Access Control List Information 1ARP Cache Information Fields Bootstrap Protocol Relay Information2BOOTP Relay Information Fields ARP Cache Information 3FDB Information Fields Forwarding Database Information 4Virtual Switch Group Information Fields Virtual Switch Group Information 5IGMP Multicast Groups information Igmp InformationIgmp Multicast Groups Igmp Snooping Multicast Router Ports IP Interfaces Default Gateways8Default Gateway information IP Information 9Link Status information Link Status Information 10ServerMobility General information ServerMobility General Information Server Mobility Port information ServerMobility Port Information 12SNMPv3 information SNMPv3 Information VacmSecurityToGroup Table SNMPv3 information SnmpTargetParams Table Syslog Messages Trunk Group information Port Transceiver StatusTrunk Groups Information Transceiver information VM Group information User Access informationUser Information Virtual Machine Group Information 152 „ Switch Information Switch Statistics Access Control List Statistics1ACL Statistics 2FDB Statistics Address Resolution Protocol StatisticsFDB Statistics Layer 3 Statistics 4ICMP Statistics Icmp Statistics 5TCP Statistics TCP Statistics 6UDP Statistics UDP Statistics 7IGMP Snooping Statistics Igmp Group Snooping Statistics Summary 8IP Statistics IP Statistics Dont Fragment flag was set MP-Specific Information 10MP Packet Statistics CPU UtilizationMP Packet Statistics 9CPU Utilization NTP Statistics Switch Ports Statistics SummaryNetwork Time Protocol Statistics Port Statistics Index Symbols TACACS+