Manuals / Brands / Computer Equipment / Switch / SMC Networks / Computer Equipment / Switch

SMC Networks TigerSwitch 100 2-15, Configuring RADIUS/TACACS Logon Authentication

1 334

Download 334 pages, 2.99 Mb

S

ECURITY

2-15

CLI – Assign a user name to access-level 15 (i.e., administrator), then

specify the password.

Configuring RADIUS/TACACS Logon Authentication

You can configure this switch to authenticate users logging into the system

for management access using local, RADIUS, or TACACS+ authentication

methods.

RADIUS and TACACS+ are logon authentication protocols that us e

software running on a central server to control access to RADIUS-aware

or TACACS+-aware devices on the network. An authentication server

contains a database of multiple user name, password pairs with associ ated

privilege levels for each user that requires management access to a switch.

Like RADIUS, Terminal Access Controller Access Control System Plus

(TACACS+) is a system that uses a central server to control authentication

for access to switches on the network.

RADIUS uses UDP while TACACS+ uses TCP. UDP only offers best

effort delivery, while TCP offers a connection-oriented transport. Also,

note that RADIUS encrypts only the password in the access-requ est

packet from the client to the server, whil e TACACS+ encrypts the entire

body of the packet.

Command Usage

• By default, management access is always checked against the

authentication database stored on the local switch. If a remote

authentication server is used, you must specify the authentication

sequence and the corresponding parameters for the remote

authentication protocol.

Console(config)#username bob access-level 15 3-27

Console(config)#username bob password 0 smith

Console(config)#

Contents

Main TigerSwitch 10/100/1000 Gigabit Ethernet Switch Management Guide Page Page Page L W IMITED v ARRANTY W IMITED ARRANTY vi vii ONTENTS 1 Switch Management . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-1 2 Configuring the Switch . . . . . . . . . . . . . . . . . . . . . . . . 2-1 viii ix 3 Command Line Interface . . . . . . . . . . . . . . . . . . . . . . 3-1 x xi xii xiii Page 1-1 1 S M WITCH ANAGEMENT Connecting to the Switch M 1-2 S 1-3 Required Connections M 1-4 Remote Connections Basic Configuration M 1-6 Setting an IP Address C 1-7 M 1-8 C 1-9 Enabling SNMP Management Access M 1-10 C 1-11 Saving Configuration Settings M 1-12 Managing System Files D 1-13 System Defaults M 1-14 D 1-15 Page 2-1 2 S THE ONFIGURING Navigating the Web Browser Interface Home Page Page Panel Display M 2-5 Main Menu S 2-6 M 2-7 S 2-8 Basic Configuration Displaying System Information Page S 2-10 Setting the IP Address C 2-11 S 2-12 Manual Configuration Using DHCP/BOOTP Security Configuring the Logon Password S 2-14 2-15 Configuring RADIUS/TACACS Logon Authentication S 2-16 2-17 Page 2-19 HTTPS S 2-20 2-21 SSH S 2-22 Managing Firmware F 2-23 Downloading System Software from a Server S 2-24 Saving or Restoring Configuration Settings F 2-25 Page B C E 2-27 Displaying Bridge Extension Capabilities S 2-28 Page S 2-30 Displaying Switch Hardware/Software Versions Page Port Configuration C ORT ONFIGURATION 2-33 CLI This example shows the connection status for Port 13. S 2-34 Configuring Interface Connections C 2-35 S 2-36 Setting Broadcast Storm Thresholds Page Page C 2-39 Configuring Port Security S 2-40 Port Security Action Port Security Configuration Address Table Settings Page Page Spanning Tree Protocol Configuration T C P 2-45 S 2-46 STP Information T C P 2-47 Page T C ROTOCOL P REE S 2-50 STP Configuration T C P 2-51 Page Page S 2-54 STP Port and Trunk Information T C P 2-55 S 2-56 Page S 2-58 STP Port and Trunk Configuration T C P 2-59 S 2-60 2-61 VLAN Configuration S 2-62 Assigning Ports to VLANs 2-63 S 2-64 Forwarding Tagged/Untagged Frames 2-65 Displaying Basic VLAN Information S 2-66 Displaying Current VLANs Command Attributes for Web Interface Page S 2-68 Creating VLANs 2-69 S 2-70 Adding Interfaces Based on Membership Type 2-71 Page Page S 2-74 2-75 Page C S 2-77 Class of Service Configuration Setting the Default Priority for Interfaces Page C S 2-79 S 2-80 Page S 2-82 Mapping Layer 3/4 Priorit ies to CoS Values Selecting IP Precedence/DSCP Priority Page Page Page S 2-86 Mapping DSCP Priority Page S 2-88 Port Trunk Configuration T C 2-89 Page Page S 2-92 Statically Configuring a Trunk Page S 2-94 Configuring SNMP Page Page Page Page Multicast Configuration S 2-100 Configuring IGMP Parameters C 2-101 Page C 2-103 Interfaces Attached to a Multicast Router Displaying Interfaces Attached to a MulticastRouter S 2-104 Specifying Interfaces Attached to a MulticastRouter C 2-105 Displaying Port Members of Multicast Services Command Attribute Page Page S 2-108 Showing Device Statistics D S 2-109 Statistical Values S 2-110 D S 2-111 S 2-112 Page S THE ONFIGURING WITCH 3 I INE L OMMAND L I 3-2 Telnet Connection C Entering Commands Keywords and Arguments Page C NTERING The command show interfaces ? will display the following information: 3-5 Showing Commands Page C 3-7 Exec Commands L I 3-8 Configuration Commands C 3-9 Command Line Processing L I Command Groups The system commands can be broken down into the functional groups shown below G 3-11 L I 3-12 General Commands enable C 3-13 disable L I 3-14 configure C 3-15 show history Page Page L I 3-18 Flash/File Commands copy /F C 3-19 L I 3-20 Page L I 3-22 dir /F C 3-23 whichboot L I 3-24 boot system M System Management Commands L I 3-26 M C 3-27 hostname username L I 3-28 M C 3-29 enable password L I 3-30 jumbo frame Page L I 3-32 ip http secure-server M C 3-33 ip http secure-port L I 3-34 ip ssh M C 3-35 ip ssh server L I 3-36 disconnect ssh Page L I 3-38 logging on M C 3-39 logging history L I 3-40 logging host M C 3-41 logging facility L I 3-42 logging trap Page L I 3-44 show startup-config M C ANAGEMENT YSTEM 3-45 L I 3-46 show running-config M C 3-47 show system L I 3-48 show users M C 3-49 show version L Authentication Commands C 3-51 authentication login L I 3-52 radius-server host C 3-53 radius-server port radius-server key Page C 3-55 radius-server timeout show radius-server Page C 3-57 tacacs-server key show tacacs-server L SNMP Commands snmp-server community 3-59 Page 3-61 snmp-server host L I 3-62 3-63 snmp-server enable traps L I 3-64 snmp ip filter 3-65 show snmp L I INE OMMAND NTERFACE IP Commands ip address L I 3-68 3-69 ip dhcp restart Page 3-71 show ip redirects L I 3-72 ping C Line Commands L I 3-74 line C 3-75 login L I 3-76 password C 3-77 exec-timeout L I 3-78 password-thresh C 3-79 silent-time L I 3-80 databits C 3-81 parity L I 3-82 speed C 3-83 stopbits show line L Interface Commands C 3-85 interface Page C 3-87 L I 3-88 negotiation C 3-89 capabilities Default Setting L I 3-90 flowcontrol C 3-91 shutdown L I 3-92 switchport broadcast C 3-93 port security L I 3-94 clear counters C 3-95 show interfaces status L I 3-96 Page L I 3-98 show interfaces switchport C 3-99 L I 3-100 Address Table Commands mac-address-table static Use this command to map a static address to a port in a VLAN. Use the no form to remove an address. T C 3-101 L I 3-102 show mac-address-table T C 3-103 clear mac-address-table dynamic mac-address-table aging-time L I 3-104 show mac-address-table aging-time T Spanning Tree Commands Page T C 3-107 spanning-tree mode L I 3-108 spanning-tree forward-time Page L I 3-110 spanning-tree priority T C 3-111 spanning-tree pathcost method Page T C 3-113 spanning-tree cost L I 3-114 spanning-tree port-priority T C 3-115 spanning-tree portfast L I 3-116 spanning-tree edge-port T C 3-117 spanning-tree protocol-migration L I 3-118 spanning-tree link-type Page L I INE OMMAND NTERFACE VLAN Commands L I 3-122 vlan database 3-123 vlan L I 3-124 interface vlan 3-125 switchport mode L I 3-126 switchport acceptable-frame-types 3-127 switchport ingress-filtering L I 3-128 switchport native vlan 3-129 switchport allowed vlan L I 3-130 switchport forbidden vlan 3-131 show vlan L I 3-132 GVRP and Bridge Extension Commands switchport gvrp GVRP C E B 3-133 L I 3-134 garp timer Page L I 3-136 bridge-ext gvrp Page L I 3-138 IGMP Snooping Commands C 3-139 ip igmp snooping L I 3-140 ip igmp snooping vlan static C 3-141 ip igmp snooping version show ip igmp snooping L I 3-142 show mac-address-table multicast C 3-143 ip igmp snooping querier L I 3-144 ip igmp snooping query-count C 3-145 ip igmp snooping query-interval ip igmp snooping query-max-response-time L I 3-146 C 3-147 ip igmp snooping router-port-expire-time L I 3-148 ip igmp snooping vlan mrouter C 3-149 show ip igmp snooping mrouter L I Priority Commands C 3-151 switchport priority default L I 3-152 queue bandwidth C 3-153 queue cos-map L I 3-154 C 3-155 show queue bandwidth show queue cos-map L I 3-156 map ip precedence (Global Configuration) C 3-157 map ip precedence (Interface Configuration) L I 3-158 map ip dscp (Global Configuration) C 3-159 map ip dscp (Interface Configuration) L I 3-160 show map ip precedence C 3-161 show map ip dscp L I 3-162 P C Mirror Port Commands port monitor L I 3-164 show port monitor P C 3-165 L I Port Trunking Commands T C 3-167 channel-group L I 3-168 lacp T C RUNKING ORT 3-169 Page PPENDIX A-1 A T ROUBLESHOOTING Troubleshooting Chart Page Page U P S F B-3 Page PPENDIX C-1 C P A IN SSIGNMENTS Console Port Pin Assignments Page G Glossary-1 LOSSARY Glossary-2 Glossary-3 Glossary-4 Glossary-5 Glossary-6 Page Page I NDEX Index-2 R S T U V