Manuals / Brands / Computer Equipment / Switch / SMC Networks / Computer Equipment / Switch

SMC Networks 10/100/1000 SMCGS8P-Smart , S, 2-16, Configuring RADIUS/TACACS+ Logon Authentication

1 366

Download 366 pages, 7.99 Mb

C

ONFIGURING

THE

S

WITCH

2-16

CLI – Assign a user name to access-level 15 (i.e., administrator),

then specify the password.

Configuring RADIUS/TACACS+ Logon Authentication

You can configure this switch to authenticate users logging into

the system for management access using local, RADIUS, or

TACACS+ authentication methods.

RADIUS and TACACS+ are logon authentication protocols that use

software running on a central server to control access to

RADIUS-aware or TACACS+-aware devices on the network. An

authentication server contains a database of multiple user name/

password pairs with associated privilege levels for each user that

requires management access to a switch.

Like RADIUS, Terminal Access Controller Access Control System

Plus (TACACS+) is a system that uses a central server to control

authentication for access to switches on the network.

RADIUS uses UDP while TACACS+ uses TCP. UDP only offers best

effort delivery, while TCP offers a connection-oriented transport.

Also, note that RADIUS encrypts only the password in the

access-request packet from the client to the server, while TACACS+

encrypts the entire body of the packet.

Command Usage

• By default, management access is always checked against the

authentication database stored on the local switch. If a remote

authentication server is used, you must specify the

authentication sequence and the corresponding parameters for

the remote authentication protocol.

Console(config)#username bob access-level 15 3-30

Console(config)#username bob password 0 smith

Console(config)#

b_mgmt.book Page 16 Tuesday, July 8, 2003 5:24 PM

Contents

Main TigerSwitch 10/100/1000 Gigabit Ethernet Switch Managemen t Guide Page Page Page L W IMITED v ARRANTY W IMITED ARRANTY vi vii ONTENTS 1 Switch Management 1-1 2 Configuring the Switch 2-1 viii ix 3 Command Line Interface 3-1 x xi xii xiii Page 1-1 1 S M WITCH ANAGEMENT Connecting to the Switch M 1-2 Page M 1-4 Remote Connections C 1-5 Basic Configuration Console Connection M 1-6 Setting Passwords C 1-7 Setting an IP Address M 1-8 C 1-9 M 1-10 Enabling SNMP Management Access C 1-11 M 1-12 Saving Configuration Settings S F Managing System Files M 1-14 System Defaults D 1-15 M 1-16 D 1-17 Page 2-1 2 S THE ONFIGURING Navigating the Web Browser Interface Page S 2-4 Panel Display M 2-5 Main Menu S 2-6 M 2-7 S 2-8 Basic Configuration Displaying System Information C 2-9 Page C 2-11 Setting the IP Address S 2-12 C 2-13 Manual Configuration Using DHCP/BOOTP Security Configuring the Logon Password 2-15 S 2-16 Configuring RADIUS/TACACS+ Logon Authentication 2-17 S 2-18 2-19 Page 2-21 Configuring HTTPS S 2-22 2-23 Replacing the Default Secure-site Certificate S 2-24 Configuring SSH ECURITY 2-25 CLI Enter the following commands to configure the SSH service. S 2-26 Managing Firmware Downloading System Software from a Server Page S 2-28 Saving or Restoring Configuration Settings F 2-29 Page F 2-31 Displaying Bridge Extension Capabilities Page F ANAGING IRMWARE 2-33 Web Click System, Bridge Extension. Page F ANAGING IRMWARE 2-35 Web Click System, Switch Information. Port Configuration C ORT ONFIGURATION 2-37 CLI This example shows the connection status for Port 13. S 2-38 Configuring Interface Connections C 2-39 Page C 2-41 Setting Broadcast Storm Thresholds Page Page S 2-44 Configuring Port Security C 2-45 Port Security Action S 2-46 Port Security Configuration Address Table Settings Page Page Page Spanning Tree Protocol Configuration S 2-52 T C P 2-53 STP Information S 2-54 Page S THE ONFIGURING WITCH T C P 2-57 STP Configuration S 2-58 T C P 2-59 Page T C P 2-61 STP Port and Trunk Information S 2-62 T C P 2-63 Page T C P 2-65 STP Port and Trunk Configuration S 2-66 T C P 2-67 S 2-68 Page S 2-70 VLAN Configuration 2-71 Assigning Ports to VLANs S 2-72 2-73 Forwarding Tagged/Untagged Frames S 2-74 Displaying Basic VLAN Information 2-75 Displaying Current VLANs Command Attributes for Web Interface Page 2-77 Creating VLANs S 2-78 2-79 Adding Interfaces Based on Membership Type S 2-80 2-81 Page 2-83 Configuring VLAN Behavior for Interfaces S 2-84 2-85 Page Class of Service Configuration Page Page Page C S 2-91 Page C S 2-93 Mapping Layer 3/4 Priorities to CoS Values Page Page Page C S 2-97 Mapping DSCP Priority Page Page S 2-100 Port Trunk Configuration T C 2-101 Page Page S 2-104 Statically Configuring a Trunk Page S 2-106 Configuring SNMP Page Page Page Page SNMP 2-111 Page C 2-113 Multicast Configuration Configuring IGMP Parameters S 2-114 C 2-115 S THE ONFIGURING WITCH Page S 2-118 Specifying Interfaces Attached to a Multicast Router C 2-119 Displaying Port Members of Multicast Services Command Attribute Page C 2-121 Adding Multicast Addresses to VLANs Command Attribute Showing Device Statistics D S 2-123 Statistical Values S 2-124 D S 2-125 S 2-126 Page Page 801.1X P A ORT UTHENTICATION 801.1X Port Authentication S 2-130 801.1X P A 2-131 802.1x Port Configuration S 2-132 Page S 2-134 802.1x Statistics The 802.1x protocol includes statistics for 802.1x protocol exchanges for any port. Page Page 3-1 3 I INE L OMMAND L I 3-2 Telnet Connection Page Entering Commands Page L I 3-6 The command show interfaces ? will display the following information: Partial Keyword Lookup Page L I 3-8 Exec Commands E C 3-9 Configuration Commands L I 3-10 Command Line Processing Page L I 3-12 Command Groups The system commands can be broken down into the functional groups shown be low G 3-13 L I 3-14 General Commands enable C 3-15 disable L I 3-16 configure C 3-17 show history Page C 3-19 exit quit L Flash/File Commands C 3-21 copy L I 3-22 C 3-23 delete L I 3-24 dir C 3-25 whichboot L I 3-26 boot system M System Management Commands L I 3-28 M C 3-29 hostname L I 3-30 username M C 3-31 enable password L I 3-32 jumbo frame M C 3-33 ip http port L I 3-34 ip http server M C 3-35 ip http secure-server L I 3-36 ip http secure-port M C 3-37 ip ssh L I 3-38 ip ssh server M C 3-39 disconnect ssh Page M C 3-41 logging on L I 3-42 logging history M C 3-43 Page Page L I 3-46 Messages sent include the selected level up through level 0. Default Setting Level 3 - 0 Command Mode Global Configuration Example M C 3-47 clear logging show logging L I 3-48 show startup-config M C 3-49 L I 3-50 Example Related Commands show running-config (3-51) M C 3-51 show running-config L I 3-52 show system M C 3-53 show users L I 3-54 show version C Authentication Commands L I 3-56 authentication login C 3-57 Page C 3-59 radius-server key L I 3-60 radius-server retransmit radius-server timeout C 3-61 show radius-server tacacs-server host L I 3-62 tacacs-server port Page L I 3-64 Example SNMP Commands 3-65 snmp-server community Page 3-67 snmp-server host L I 3-68 3-69 snmp-server enable traps L I 3-70 snmp ip filter 3-71 show snmp L I 3-72 3-73 IP Commands L I 3-74 ip address 3-75 ip dhcp restart L I 3-76 ip default-gateway 3-77 show ip interface Page 3-79 L I 3-80 Line Commands C 3-81 line L I 3-82 login C 3-83 password L I 3-84 exec-timeout C 3-85 password-thresh L I 3-86 silent-time C 3-87 databits L I 3-88 parity C 3-89 speed Page C 3-91 Interface Commands L I 3-92 interface C 3-93 description L I 3-94 speed-duplex C 3-95 negotiation L I 3-96 capabilities C 3-97 flowcontrol L I 3-98 C 3-99 shutdown L I 3-100 switchport broadcast C 3-101 port security L I 3-102 clear counters C 3-103 show interfaces status L I 3-104 show interfaces counters C 3-105 L I 3-106 show interfaces switchport T Address Table Commands L I 3-108 mac-address-table static T C 3-109 show mac-address-table L I 3-110 Page Page T C 3-113 Spanning Tree Commands L I 3-114 spanning-tree T C 3-115 spanning-tree mode L I 3-116 spanning-tree forward-time T C 3-117 spanning-tree hello-time L I 3-118 spanning-tree max-age T C 3-119 spanning-tree priority L I 3-120 spanning-tree pathcost method Page L I 3-122 spanning-tree cost T C 3-123 spanning-tree port-priority L I 3-124 spanning-tree portfast T C 3-125 spanning-tree edge-port L I 3-126 spanning-tree protocol-migration T C 3-127 spanning-tree link-type L I 3-128 show spanning-tree T C REE PANNING OMMANDS VLAN Commands 3-131 vlan database L I 3-132 vlan 3-133 interface vlan L I 3-134 switchport mode 3-135 switchport acceptable-frame-types L I 3-136 switchport ingress-filtering 3-137 switchport native vlan L I 3-138 switchport allowed vlan 3-139 switchport forbidden vlan L I 3-140 show vlan GVRP GVRP and Bridge Extension Commands L I 3-142 switchport gvrp Page L I 3-144 garp timer Page L I 3-146 bridge-ext gvrp Page L I 3-148 IGMP Snooping Commands C 3-149 ip igmp snooping L I 3-150 ip igmp snooping vlan static C 3-151 ip igmp snooping version L I 3-152 show ip igmp snooping show mac-address-table multicast C 3-153 ip igmp snooping querier L I 3-154 ip igmp snooping query-count C 3-155 ip igmp snooping query-interval L I 3-156 ip igmp snooping query-max-response-time C 3-157 ip igmp snooping router-port-expire-time L I 3-158 ip igmp snooping vlan mrouter C 3-159 show ip igmp snooping mrouter L I Priority Commands C 3-161 switchport priority default L I 3-162 queue bandwidth C 3-163 queue cos-map L I 3-164 C 3-165 show queue bandwidth L I 3-166 show queue cos-map map ip precedence (Global Configuration) C 3-167 map ip precedence (Interface Configuration) L I 3-168 C 3-169 map ip dscp (Global Configuration) L I 3-170 map ip dscp (Interface Configuration) C 3-171 show map ip precedence L I 3-172 show map ip dscp C 3-173 L I 3-174 Mirror Port Commands port monitor P C 3-175 show port monitor L I 3-176 T C Port Trunking Commands L I 3-178 channel-group T C 3-179 lacp L I 3-180 A PPENDIX A-1 A T ROUBLESHOOTING A-2 Page U P S F B-3 Page G Glossary-1 LOSSARY Glossary-2 Glossary-3 Glossary-4 Glossary-5 Glossary-6 Glossary-7 Page I NDEX Index-2 P R S T U