What is an authentication profile, What are the recommendations for, Management security – Dell POWEREDGE M1000E User Manual

Controlling Management Access

173

What Are the Recommendations for Management Security?

Selecting the authentication policy for a network is very important. In large

deployments, many administrators prefer to use a RADIUS or TACACS+

server because it allows the authentication policy to be applied system wide

with little administrative effort. Additional recommendations for

management security include:

• Require strong passwords
• Disable factory-delivered default accounts
• Enable password lockout
• Configure user ACLs to protect administrative access to the network.

What Is an Authentication Profile?

An authentication profile specifies which authentication method or methods

to use to authenticate a user who attempts to access the switch management

interface. The authentication method can be one or more of the following:

• ENABLE—Uses the enable password for authentication.
• IAS—Uses the Internal Authentication Server database for 801X port-

based authentication.

• LINE-—Uses the Line password for authentication.
• LOCAL— Uses the ID and password in the Local User Database for

authentication.

• RADIUS-—Sends the user's ID and password will be authenticated using

the RADIUS server instead of locally

• TACACS+— Sends the user's ID and password to the configured

TACACS+ server to be authenticated.

• NONE-—No authentication is used.

You can use the same Authentication Profile for all access types, or select or

create a variety of profiles based on how a user attempts to access the switch

management interface. Profiles can be applied to each of the following access

types:

• Login—Autnenticates all attempts to login to the switch.
• Enable—Authenticates all attempts to enter Privileged EXEC mode (CLI

only).