Security configuration commands

This section describes the commands used to configure and manage the security features of the Intel® Blade Server Ethernet Switch Module IXM5414E. These features include:

Authentication commands

IEEE 802.1X Port-based network access control

Remote Authentication Dial-In User Service (RADIUS)

Secure Shell (SSH) commands

Secure Socket Layer (SSL) commands

Authentication commands

config authentication login create

Use this command to create an authentication login list. The <listname> is up to 15 alphanumeric characters and is case sensitive. Up to 10 authentication login lists can be configured on the switch. When a list is created, the authentication method “local” is set as the first method. Authentication methods can be changed using the config authentication login set command.

Format

config authentication login create <listname>

config authentication login delete

Use this command to delete the specified authentication login list. The command will fail if any of the following conditions are true:

The login list name is invalid or does not identify an existing login list

The specified login list is currently assigned to a user or to the nonconfigured user

The specified login list is the default login list included with the default configuration and was not created using the config authentication login set command.

Format

config authentication login delete <listname>

config authentication login set

Use this command to configure an ordered list of methods for the specified authentication login list. You may specify up to three methods. The possible methods are local, radius, and reject.

The value of local indicates that the user’s locally stored ID and password should be used for authentication. The value of radius indicates that the user’s ID and password will be authenticated using the RADIUS server. The value of reject indicates that the user is never authenticated.

To authenticate a user, the authentication methods in the user’s login list will be attempted in order until an authentication attempt succeeds or fails.

Note that the default login list included with the default configuration cannot be changed.

Format

config authentication login set <listname> <local/radius/reject> [local/radius/reject] [local/radius/reject]
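The limits documented for the create, set and delete commands can be checked before a configuration script is entered on the switch. The following Python linter is an added example, not part of the Intel manual; the function name lint, the sample list names, and the choice to track only lists created within the script are assumptions.

```python
import re

# Limits taken from the command descriptions above.
METHODS = ("local", "radius", "reject")
NAME_RE = re.compile(r"[A-Za-z0-9]{1,15}")
MAX_LISTS, MAX_METHODS = 10, 3
PREFIX = "config authentication login "

def lint(script):
    """Return (problems, lists): problems is a list of (line_number, message).

    Assumption: the script is checked in isolation, so only lists it creates
    itself are known; lists already present on the switch are not modelled.
    """
    lists, problems = {}, []
    for number, raw in enumerate(script.splitlines(), 1):
        line = raw.strip()
        if not line.startswith(PREFIX):
            continue
        action, *args = line[len(PREFIX):].split()
        name = args[0] if args else ""
        if action == "create":
            if not NAME_RE.fullmatch(name):
                problems.append((number, "list name must be 1-15 alphanumeric characters"))
            elif len(lists) >= MAX_LISTS:
                problems.append((number, "more than 10 login lists"))
            else:
                lists[name] = ["local"]  # a new list starts with 'local' first
        elif action in ("set", "delete") and name not in lists:
            problems.append((number, f"list {name!r} not created here (names are case sensitive)"))
        elif action == "set":
            methods = args[1:]
            bad = [m for m in methods if m not in METHODS]
            if not 1 <= len(methods) <= MAX_METHODS:
                problems.append((number, "set takes one to three methods"))
            elif bad:
                problems.append((number, f"unknown method(s): {', '.join(bad)}"))
            else:
                lists[name] = methods
        elif action == "delete":
            del lists[name]
    return problems, lists

# Constructed sample script, not taken from the manual.
SAMPLE = """\
config authentication login create mgmtList
config authentication login set mgmtList radius local
config authentication login set mgmtlist radius
config authentication login create thisNameIsTooLong1
config authentication login set mgmtList radius local reject tacacs
"""
```

Running lint(SAMPLE) flags the case mismatch on line 3, the 18-character name on line 4, and the four-method list on line 5, and leaves mgmtList with the methods radius, local.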

config users defaultlogin

Use this command to assign the authentication login list to be used when a non-configured user attempts to log in to the system. This setting is overridden by the authentication login list assigned to
