Host Access Control Authentication (HACA) – Enterasys Networks 6H2xx User Manual


Overview of Security Methods

Accessing Local Management

Host Access Control Authentication (HACA) – authenticates user access of Telnet management, console local management and WebView via a central Radius Client/Server application using the Password screen described in Section 3.8. For an overview of HACA and a description of how to set the access policy using the Radius Configuration screen, refer to Section 3.6.1 and Section 3.9.

Host Access Control List (ACL) – allows only the defined list of IP Addresses to communicate with the host for Telnet, WebView (HTTP) and SNMP. To set up these parameters, refer to the Host Access Control List (ACL) screen described in Section 3.6.1.

802.1X Port Based Network Access Control – provides a mechanism for administrators to securely authenticate and grant appropriate access to end user devices (supplicants) directly attached to switch module ports. For more information, refer to Section 3.6.2.

MAC Authentication – provides a mechanism for administrators to securely authenticate and grant appropriate access to end user devices directly attached to switch module ports. For more information, refer to Section 3.6.3.

3.6.1 Host Access Control Authentication (HACA)

To use HACA, the embedded Radius Client on the switch module must be configured to
communicate with the Radius Server, and the Radius Server must be configured with the password
information. The software used for this application provides the ability to centralize the
Authentication, Authorization, and Accounting (AAA) of the network resources. For a
description of the protocol, refer to RFC 2865 (Radius Authentication) and RFC 2866
(Radius Accounting).

Each switch module has its own Radius Client. The client can be configured via:

The Radius Configuration screen described in Section 3.9, or

The Network Tools Command Line Interface (CLI) using the “radius” command described in Chapter 12.

The IP address of the Radius Server and the shared secret text string must be configured on the
Radius Client. The client uses the Password Authentication Protocol (PAP) to communicate the
user name and encrypted password to the Radius Server.

On the Radius Server, each user is configured with the following:

name

password

access level
