Configuring the Switch

3-54

3

User Authentication

You can configure this switch to authenticate users logging into the system for
management access using local or remote authentication methods. Port-based
authentication using IEEE 802.1X can also be configured to control either
management access to the uplink ports or client access to the data ports. This
switch provides secure network management access4 using the following options:
User Accounts – Manually configure access rights on the switch for specified users.
Authentication Settings – Use remote authentication to configure access rights.
Encryption Key – Configures RADIUS and TACACS+ encryption keys.
AAA – Provides a framework for configuring access control on the switch.
HTTPS Settings – Provide a secure web connection.
SSH Settings – Provide a secure shell (for secure Telnet access).
Port Security – Configure secure addresses for individual ports.
802.1X – Use IEEE 802.1X port authentication to control access to specific ports.
IP Filter – Filters management access to the web, SNMP or Telnet interface.

Configuring User Accounts

The guest only has read access for most configuration parameters. However, the
administrator has write access for all parameters governing the onboard agent. You
should therefore assign a new administrator password as soon as possible, and
store it in a safe place.
The default guest name is “guest” with the password “guest.” The default
administrator name is “admin” with the password “admin.”
Command Attributes
Account List – Displays the current list of user accounts and associated access
levels. (Defaults: admin, and guest)
New Account – Displays configuration settings for a new account.
-User Name – The name of the user.
(Maximum length: 8 characters; maximum number of users: 16)
-Access Level – Specifies the user level.
(Options: Normal and Privileged)
Normal privilege level provides access to a limited number of the commands
which display the current status of the switch, as well as several database clear
and reset functions. Privileged level provides full access to all commands.
-Password – Specifies the user password.
(Range: 0-8 characters plain text, case sensitive)
Change Password – Sets a new password for the specified user name.
Add/Remove – Adds or removes an account from the list.
4. For other methods of controlling client access, see "General Security Measures" on page 3-89.