Privilege Level Switching Authentication Technology White Paper

Size: px
Start display at page:

Download "Privilege Level Switching Authentication Technology White Paper"

Transcription

1 Privilege Level Switching Authentication Technology White Paper Keywords: Privilege level switching authentication, RADIUS, HWTACACS Abstract: This document briefly describes the background and implementation of the privilege level switching authentication technology, and provides a typical application scenario. Acronyms: Acronym Full spelling AAA RADIUS HWTACACS Authentication, Authorization, Accounting Remote Authentication Dial-In User Service HW Terminal Access Controller Access Control System Hangzhou H3C Technologies Co., Ltd. 1/10

2 Table of Contents Overview 3 Background 3 Benefits 4 Implementation 5 Relevant Concepts 5 User Interface Login Authentication Mode 5 Super Authentication Modes 5 Implementation of Basic Super Authentication Modes 6 Implementation of Local Super Authentication 6 Implementation of Remote Super Authentication by a RADIUS Server 7 Implementation of Remote Super Authentication by an HWTACACS Server 7 Application of Super Authentication Modes 7 Application Scenario 9 Hangzhou H3C Technologies Co., Ltd. 2/10

3 Overview Background To restrict the access of different login users, the device supports assigning users privilege levels. User privilege levels correspond to command levels. Users logging in to the device can only use commands at their own and lower levels. Users can also switch their user privilege levels to higher levels temporarily without logging out and disconnecting the current connection. For example, an administrator may log in to a device by using an identity with a lower privilege level and check the device running status. To configure or maintain the device, however, the administrator needs to switch the privilege level to a higher level. This switching is implemented by the user privilege level switching function. The user privilege level switching function allows login users to execute the super command to switch to a higher privilege level. During the switching, no connection teardown and re-establishment occur and the users do not need to re-login. After the switching, users continue to use their original connections, but they can execute more commands. The switching of user privilege level is effective only for the current login; after re-login, the user privilege restores to the original level. Using the super command, a user can switch to a privilege level equal to or lower than the current one unconditionally. However, to switch to a higher privilege level, which allows for access to more commands, a user must pass the level switching authentication, which is also referred to after the super command as super authentication. Currently, two basic level switching authentication modes are supported: Local level switching authentication Remote level switching authentication Additionally, two combinations of the above two modes are supported for backup and flexibility. Local authentication if remote level switching authentication is not available Remote level switching authentication if no local authentication password is configured Local level switching authentication With local level switching authentication, the device uses locally configured passwords to authenticate users performing privilege level switching and the same password is used for users switching to the same privilege level. For example, if a login user wants to switch to privilege level 3, the user needs to input the password predefined for switching to level 3, as shown below: <Device> super 3 Password: < Input the password predefined on the device for switching to level 3 User privilege level is 3, and only those commands can be used whose level is equal or less than this. Privilege note: 0-VISIT, 1-MONITOR, 2-SYSTEM, 3-MANAGE Hangzhou H3C Technologies Co., Ltd. 3/10

4 Remote level switching authentication With remote level switching authentication, a remote RADIUS or HWTACACS server is deployed for user privilege level switching authentication. Remote AAA authentication can be deployed in a scenario where, for example, all administrators must pass RADIUS authentication before logging in to the device, and can only access commands of level 0 (visit level) and perform basic diagnostic operations such as ping after login. Only super administrators can switch to a higher level for system configuration and maintenance. As shown below, a super administrator needs to input the correct username and password for remote privilege level switching authentication when switching to privilege level 3: <Device> super 3 Username:olive@abc Password: < Input the password predefined on the server for switching to level 3 User privilege level is 3, and only those commands can be used whose level is equal or less than this. Privilege note: 0-VISIT, 1-MONITOR, 2-SYSTEM, 3-MANAGE Benefits Local level switching authentication features easy configuration and is easy to use, but it has the following problems: Hard to distinguish users. All users use the same level switching password to switch to a certain level higher. Local storage and management of passwords, which have limitations. Remote level switching authentication for user privilege level switching requires a remote server, incurring more complex process for user information management and maintenance as compared with local level switching authentication. However, remote level switching authentication features: Securer user privilege level switching Remote level switching authentication improves the security for user level switching. To switch to a higher level, a user provides the username and password for level switching authentication on a remote RADIUS or HWTACACS server. Different users can be provided with different level switching capabilities. Flexible device management Combination of remote level switching authentication and local level switching authentication provides reliable authentication and flexible device management. Hangzhou H3C Technologies Co., Ltd. 4/10

5 Implementation Relevant Concepts User Interface Login Authentication Mode The super authentication mode is closely associated with the user interface login authentication mode. Usage and configuration of super authentication may also vary with the interface authentication mode used. The following table gives a brief description of the user interface login authentication modes. The authentication modes in boldface are keywords in command authentication-mode { none password scheme }, the command for setting the user interface login authentication mode. The syntax of the command may vary with the system version. Table 1 User interface login authentication modes Authentication mode none password scheme Description No authentication is performed when users log in to the user interfaces. Password-based authentication is performed when users log in to user interfaces. Username and password are required for authentication when users log in to user interfaces. Super Authentication Modes Currently, the following level switching authentication modes are supported: Local level switching authentication Remote level switching authentication through an HWTACACS or RADIUS server Remote level switching authentication and, if remote super authentication is not available, local super authentication Local level switching authentication and, if no local level switching password is configured, remote super authentication Table 2Table 2 describes the level switching authentication modes. Hangzhou H3C Technologies Co., Ltd. 5/10

6 The authentication modes in boldface are keywords in command super authentication-mode { local scheme }*, the command for setting the privilege level switching authentication mode. The syntax of the command may vary with the system version. Table 2 Description of the level switching authentication modes Authentication mode local scheme scheme local local scheme Description Local level switching authentication Remote level switching authentication through an HWTACACS or RADIUS server Remote level switching authentication + local level switching authentication (backup) Local level switching authentication + remote level switching authentication (backup) Remarks The device uses the locally configured privilege level switching passwords for authentication. In other words, the device compares the input password with the locally configured one for the corresponding privilege level. The device sends the username and password to the HWTACACS or RADIUS server for remote level switching authentication. The device performs remote level switching authentication and, if the HWTACACS or RADIUS server is not available or the AAA configuration is ineffective, uses local super authentication instead. The device performs local super authentication. If no corresponding level switching password is configured on the device, the device performs remote super authentication for users logging in to the device through the AUX, TTY, or VTY user interfaces, while allowing users logging in from the console interface to switch to a higher level directly. Implementation of Basic Super Authentication Modes Implementation of Local Super Authentication With local super authentication, the device prompts a user trying to switch to a higher privilege level to input the corresponding password and compares the input password with the corresponding one locally configured. If the two passwords match, the user passes the authentication; otherwise, the device prompts the user to enter the correct password and try again. After three times of unsuccessful attempts, the user will see authentication failure prompt. Hangzhou H3C Technologies Co., Ltd. 6/10

7 Implementation of Remote Super Authentication by a RADIUS Server The device uses the username input by a user at login, if any, for super authentication of the user by default and prompts the user to input the password directly. If no login username is used, the device prompts the user to input the username and then the password. Because RADIUS cannot identify the privilege level that a user applies for, the RADIUS client generates an authentication request using a username in the format of $enab+level, where level specifies the privilege level to which the user wants to switch. For example, if a user wants to switch the privilege level to 3, the system uses $enab3 for authentication. When the domain name is required, $enab3@domain is used, where domain specifies the domain name. Accordingly, information about user $enab3 should be added to the RADIUS server. Upon receiving the authentication request, the RADIUS server uses the username and password for level switching authentication. If the authentication succeeds, it sends back an Access-Accept message. If the authentication fails, it returns an Access-Reject message. Users have three times for entering a correct username and password. Upon an incorrect username or password, the system prompts the user to enter the correct ones and try again. After three times of unsuccessful attempts, the user will see authentication failure prompt. Implementation of Remote Super Authentication by an HWTACACS Server The device uses the login username of a user, if any, for super authentication of the user by default and thus prompts the user to input the password directly. If no login username is used, the device prompts users to input the username and then the password. HWTACACS allows users to apply privilege level switching. The username entered by a user and the password are used for super authentication by an HWTACACS server. Upon receiving the authentication request, the HWTACACS server authenticates the username and password of the user for level switching. If the authentication succeeds, it sends back an authentication success message. If the authentication fails, it returns an authentication failure message. Users have three times for entering a correct username and password. Upon an incorrect username or password, the system prompts the user to enter the correct ones and try again. After three times of unsuccessful attempts, the user will see authentication failure prompt. Application of Super Authentication Modes The sections above have described three user interface login authentication modes and four super authentication modes. This section summarizes what information users need to input when different user interface login authentication modes and super authentication modes are combined, as shown in Table 3. Note that: The third column displays the information a user needs to input for level switching in the first authentication mode, which is specified in the second column. The fourth column displays the information a user needs to input for level switching in the second super authentication mode, which is used when the first authentication mode is not available. If no backup authentication mode is configured, a dash ( ) is displayed in the fourth column. Hangzhou H3C Technologies Co., Ltd. 7/10

8 Table 3 Information needed for user privilege level switching Privilege Level Switching Authentication Technology White Paper User interface login authentication mode User privilege level switching authentication mode Information needed for the first authentication mode Information needed for the second authentication mode local Password for switching to the level (configured on the device) none/password local scheme scheme Password for switching to the level (configured on the device) Username and password switching to the level Username and password for switching to the level (configured on the AAA server) scheme local Username and password switching to the level (configured on the AAA server) Password for switching to the level (configured on the device) local Password for switching to the level (configured on the device) local scheme Password for switching to the level (configured on the device) Password for switching to the level (configured on the AAA server). The system uses the username used at login as the username for privilege level switching authentication. scheme Password for switching to the level (configured on the AAA server). scheme The system uses the username used at login as the username for privilege level switching authentication. scheme local Password switching to the level (configured on the AAA server). The system uses the username used at login as the username for privilege level switching authentication. Password for switching to the level (configured on the device) Hangzhou H3C Technologies Co., Ltd. 8/10

9 Application Scenario Network requirements As shown in Figure 1, Device performs local authentication of the Telnet user named who can access only commands of level 0 after successful login. It is required that when the Telnet user switches to privilege level 3, Device uses the RADIUS server for level switching authentication of the user and, if RADIUS authentication is not available or AAA configuration is ineffective, uses local authentication instead. Figure 1 Network diagram for privilege level switching authentication RADIUS server /24 Telnet user /24 Eth1/ /24 Eth1/ /24 Device Internet Login and level switching processes 1) Telneting to Device On the user PC, launch Telnet and input the username test@bbb and the password to log in to the user interface of Device. Only commands of level 0 can be accessed. <Device> telnet Trying Press CTRL+K to abort Connected to ************************************************************************** * Copyright (c) Hangzhou H3C Tech. Co., Ltd. All rights reserved.* * Without the owner's prior written consent, * * no decompiling or reverse-engineering shall be allowed. * ************************************************************************** Login authentication Username:test@bbb Password: <Device>? User view commands: cluster Run cluster command Hangzhou H3C Technologies Co., Ltd. 9/10

10 display Display current system information ping Ping function quit Exit from current command view ssh2 Establish a secure shell client connection super Set the current user priority level telnet Establish one TELNET connection tracert Trace route function 2) Switching the user privilege level # Execute the command for switching to level 3 in the user interface and input the level switching password pass3 as prompted. After successful authentication, the privilege level changes to 3. <Device> super 3 Password: < Enter the password for RADIUS level switching authentication User privilege level is 3, and only those commands can be used whose level is equal or less than this. Privilege note: 0-VISIT, 1-MONITOR, 2-SYSTEM, 3-MANAGE # If the RADIUS authentication is not available, the system prompts an error and the level switching authentication mode changes to local authentication mode. The password is needed for local authentication. <Device> super 3 Password: Error: Invalid configuration or no response from the authentication server. Info: Change authentication mode to local. Password: < Enter the password for switching to level 3 to pass local privilege level switching authentication User privilege level is 3, and only those commands can be used whose level is equal or less than this. Privilege note: 0-VISIT, 1-MONITOR, 2-SYSTEM, 3-MANAGE Copyright 2009 Hangzhou H3C Technologies Co., Ltd. All rights reserved. No part of this manual may be reproduced or transmitted in any form or by any means without prior written consent of Hangzhou H3C Technologies Co., Ltd. The information in this document is subject to change without notice. Hangzhou H3C Technologies Co., Ltd. 10/10

Login management commands

Login management commands Contents Login management commands 1 CLI login configuration commands 1 display telnet client configuration 1 telnet 1 telnet ipv6 2 telnet server enable 3 User interface configuration commands 3 acl (user

More information

Table of Contents 1 Commands for Access Controller Switch Interface Board 1-1

Table of Contents 1 Commands for Access Controller Switch Interface Board 1-1 Table of Contents 1 Commands for Access Controller Switch Interface Board 1-1 Commands for Access Controller and Access Controller Switch Interface Board 1-1 acl (user interface view) 1-1 activation-key

More information

Operation Manual Login and User Interface. Table of Contents

Operation Manual Login and User Interface. Table of Contents Table of Contents Table of Contents Chapter 1 Switch Login... 1-1 1.1 Setting Up Configuration Environment Through the Console Port... 1-1 1.2 Setting Up Configuration Environment Through Telnet... 1-2

More information

Table of Contents 1 Basic Configuration Commands 1-1

Table of Contents 1 Basic Configuration Commands 1-1 Table of Contents 1 Basic Configuration Commands 1-1 Basic Configuration Commands 1-1 clock datetime 1-1 clock summer-time one-off 1-2 clock summer-time repeating 1-3 clock timezone 1-4 configure-user

More information

Table of Contents 1 SSH Configuration 1-1

Table of Contents 1 SSH Configuration 1-1 Table of Contents 1 SSH Configuration 1-1 SSH Overview 1-1 Introduction to SSH 1-1 Algorithm and Key 1-1 Asymmetric Key Algorithm 1-2 SSH Operating Process 1-2 Configuring the SSH Server 1-4 SSH Server

More information

PT Activity: Configure AAA Authentication on Cisco Routers

PT Activity: Configure AAA Authentication on Cisco Routers PT Activity: Configure AAA Authentication on Cisco Routers Instructor Version Topology Diagram Addressing Table Device Interface IP Address Subnet Mask R1 Fa0/0 192.168.1.1 255.255.255.0 S0/0/0 10.1.1.2

More information

HP 6125 Blade Switch Series

HP 6125 Blade Switch Series HP 6125 Blade Switch Series Fundamentals Configuration Guide Part number: 5998-3153 Software version: Release 2103 Document version: 6W100-20120907 Legal and notice information Copyright 2012 Hewlett-Packard

More information

Logging in to the CLI

Logging in to the CLI Contents Logging in to the CLI 1 Login methods 1 Logging in through the console port 2 Introduction 2 Configuration procedure 2 Logging in through the AUX port 5 Configuration prerequisites 5 Configuration

More information

HP 5500 EI & 5500 SI Switch Series

HP 5500 EI & 5500 SI Switch Series HP 5500 EI & 5500 SI Switch Series Fundamentals Configuration Guide Part number: 5998-1707 Software version: Release 2220 Document version: 6W100-20130810 Legal and notice information Copyright 2013 Hewlett-Packard

More information

HP 6125G & 6125G/XG Blade Switches

HP 6125G & 6125G/XG Blade Switches HP 6125G & 6125G/XG Blade Switches Fundamentals Configuration Guide Part number: 5998-3153a Software version: Release 2103 and later Document version: 6W102-20141218 Legal and notice information Copyright

More information

HP A5830 Switch Series Fundamentals. Configuration Guide. Abstract

HP A5830 Switch Series Fundamentals. Configuration Guide. Abstract HP A5830 Switch Series Fundamentals Configuration Guide Abstract This document describes the software features for the HP A Series products and guides you through the software configuration procedures.

More information

H3C WA Series WLAN Access Points. Fundamentals Command Reference

H3C WA Series WLAN Access Points. Fundamentals Command Reference H3C WA Series WLAN Access Points Fundamentals Command Reference Abstract This document details the commands for the WA series WLAN access points. Intended audience includes network planners, field technical

More information

SSH H3C Low-End Ethernet Switches Configuration Examples. Table of Contents

SSH H3C Low-End Ethernet Switches Configuration Examples. Table of Contents Table of Contents Table of Contents Chapter 1 Overview... 1-1 1.1 Introduction to... 1-1 1.2 Support for Functions... 1-1 1.3 Configuration... 1-2 1.3.1 Configuring an Server... 1-2 1.3.2 Configuring an

More information

Console Port, Telnet, and SSH Handling

Console Port, Telnet, and SSH Handling Console Port Overview, on page 1 Connecting Console Cables, on page 1 Installing USB Device Drivers, on page 1 Console Port Handling Overview, on page 2 Telnet and SSH Overview, on page 2 Persistent Telnet,

More information

HWTACACS Technology White Paper

HWTACACS Technology White Paper S Series Switches HWTACACS Technology White Paper Issue 1.0 Date 2015-08-08 HUAWEI TECHNOLOGIES CO., LTD. 2015. All rights reserved. No part of this document may be reproduced or transmitted in any form

More information

HP Load Balancing Module

HP Load Balancing Module HP Load Balancing Module System Management Configuration Guide Part number: 5998-4216 Software version: Feature 3221 Document version: 6PW100-20130326 Legal and notice information Copyright 2013 Hewlett-Packard

More information

Examples of Cisco APE Scenarios

Examples of Cisco APE Scenarios CHAPTER 5 This chapter describes three example scenarios with which to use Cisco APE: Access to Asynchronous Lines, page 5-1 Cisco IOS Shell, page 5-3 Command Authorization, page 5-5 Note For intructions

More information

Table of Contents 1 Basic Configuration Commands 1-1

Table of Contents 1 Basic Configuration Commands 1-1 Table of Contents 1 Basic Configuration Commands 1-1 Basic Configuration Commands 1-1 clock datetime 1-1 clock summer-time one-off 1-2 clock summer-time repeating 1-3 clock timezone 1-4 command-privilege

More information

Configuring Basic AAA on an Access Server

Configuring Basic AAA on an Access Server Configuring Basic AAA on an Access Server Document ID: 10384 Contents Introduction Before You Begin Conventions Prerequisites Components Used Network Diagram General AAA Configuration Enabling AAA Specifying

More information

H3C S5120-EI Switch Series

H3C S5120-EI Switch Series H3C S5120-EI Switch Series Fundamentals Configuration Guide Hangzhou H3C Technologies Co., Ltd. http://www.h3c.com Software version: Release 2220 Document version: 6W100-20130810 Copyright 2013, Hangzhou

More information

SSH Configuration Examples H3C S7500 Series Ethernet Switches Release Table of Contents

SSH Configuration Examples H3C S7500 Series Ethernet Switches Release Table of Contents Table of Contents Table of Contents Chapter 1 SSH Overview... 1-1 1.1 Introduction to SSH... 1-1 1.2 Support for SSH Functions... 1-1 1.3 SSH Configuration... 1-1 1.3.1 Configuring an SSH Server... 1-1

More information

Table of Contents 1 CLI Configuration 1-1

Table of Contents 1 CLI Configuration 1-1 Table of Contents 1 CLI Configuration 1-1 Introduction to the CLI 1-1 Command Hierarchy 1-1 Switching User Levels 1-2 Setting the Level of a Command in a Specific View 1-3 CLI Views 1-4 CLI Features 1-6

More information

H3C SecBlade SSL VPN Card

H3C SecBlade SSL VPN Card H3C SecBlade SSL VPN Card Super Administrator Web Configuration Guide Hangzhou H3C Technologies Co., Ltd. http://www.h3c.com Document version: 5PW105-20130801 Copyright 2003-2013, Hangzhou H3C Technologies

More information

HP A3100 v2 Switch Series

HP A3100 v2 Switch Series HP A3100 v2 Switch Series Fundamentals Command Reference HP A3100-8 v2 SI Switch (JG221A) HP A3100-16 v2 SI Switch (JG222A) HP A3100-24 v2 SI Switch (JG223A) HP A3100-8 v2 EI Switch (JD318B) HP A3100-16

More information

Table of Contents 1 Basic Configuration Commands 1-1

Table of Contents 1 Basic Configuration Commands 1-1 Table of Contents 1 Basic Configuration Commands 1-1 Basic Configuration Commands 1-1 clock datetime 1-1 clock summer-time one-off 1-1 clock summer-time repeating 1-2 clock timezone 1-4 command-privilege

More information

H3C S5830V2 & S5820V2 Switch Series

H3C S5830V2 & S5820V2 Switch Series H3C S5830V2 & S5820V2 Switch Series Security Command Reference Hangzhou H3C Technologies Co., Ltd. http://www.h3c.com Software version: Release2108 Document version: 6W101-20120531 Copyright 2012, Hangzhou

More information

HP 3600 v2 Switch Series

HP 3600 v2 Switch Series HP 3600 v2 Switch Series Fundamentals Command Reference Part number: 5998-2359 Software version: Release 2101 Document version: 6W101-20130930 Legal and notice information Copyright 2013 Hewlett-Packard

More information

H3C S12500 Series Routing Switches

H3C S12500 Series Routing Switches H3C S12500 Series Routing Switches Security Command Reference Hangzhou H3C Technologies Co., Ltd. http://www.h3c.com Software version: S12500-CMW710-R7128 Document version: 6W710-20121130 Copyright 2012,

More information

Logging in through SNMP from an NMS 22 Overview 22 Configuring SNMP agent 22 NMS login example 24

Logging in through SNMP from an NMS 22 Overview 22 Configuring SNMP agent 22 NMS login example 24 Contents Logging in to the CLI 1 Login methods 1 Logging in through the console or AUX port 2 Introduction 2 Configuration procedure 2 Logging in through Telnet 6 Introduction 6 Logging in to the switch

More information

Configuring Local Authentication

Configuring Local Authentication This chapter describes local authentication. This chapter also describes procedures to configure local authentication and privilege levels. This chapter includes the following topics: Understanding Authentication,

More information

User authentication configuration example 11 Command authorization configuration example 13 Command accounting configuration example 14

User authentication configuration example 11 Command authorization configuration example 13 Command accounting configuration example 14 Contents Logging in to the CLI 1 Login methods 1 Logging in through the console or AUX port 2 Logging in through Telnet 5 Telnetting to the switch 5 Telnetting from the switch to another device 7 Logging

More information

Table of Contents 1 AAA Overview AAA Configuration 2-1

Table of Contents 1 AAA Overview AAA Configuration 2-1 Table of Contents 1 AAA Overview 1-1 Introduction to AAA 1-1 Authentication 1-1 Authorization 1-1 Accounting 1-2 Introduction to ISP Domain 1-2 Introduction to AAA Services 1-3 Introduction to RADIUS 1-3

More information

Configuring Security for the ML-Series Card

Configuring Security for the ML-Series Card 19 CHAPTER Configuring Security for the ML-Series Card This chapter describes the security features of the ML-Series card. This chapter includes the following major sections: Understanding Security, page

More information

TACACS Device Access Control with Cisco Active Network Abstraction

TACACS Device Access Control with Cisco Active Network Abstraction TACACS Device Access Control with Cisco Active Network Abstraction Executive Summary Cisco Active Network Abstraction (ANA) is an extensible and scalable product suite that resides between the network

More information

Operation Manual AAA RADIUS HWTACACS H3C S5500-EI Series Ethernet Switches. Table of Contents

Operation Manual AAA RADIUS HWTACACS H3C S5500-EI Series Ethernet Switches. Table of Contents Table of Contents Table of Contents... 1-1 1.1 AAA/RADIUS/HWTACACS Over... 1-1 1.1.1 Introduction to AAA... 1-1 1.1.2 Introduction to RADIUS... 1-3 1.1.3 Introduction to HWTACACS... 1-9 1.1.4 Protocols

More information

Lab AAA Authorization and Accounting

Lab AAA Authorization and Accounting Lab 11.3.2 AAA Authorization and Accounting Objective Scenario Step 1 In this lab, the student will use the exec-timeout command to control the amount of time before an idle telnet or console session is

More information

Configuring TACACS+ Finding Feature Information. Prerequisites for TACACS+

Configuring TACACS+ Finding Feature Information. Prerequisites for TACACS+ Finding Feature Information, page 1 Prerequisites for TACACS+, page 1 Information About TACACS+, page 3 How to Configure TACACS+, page 7 Monitoring TACACS+, page 16 Finding Feature Information Your software

More information

Configuring the Management Interface and Security

Configuring the Management Interface and Security CHAPTER 5 Configuring the Management Interface and Security Revised: February 15, 2011, Introduction This module describes how to configure the physical management interfaces (ports) as well as the various

More information

HP 3600 v2 Switch Series

HP 3600 v2 Switch Series HP 3600 v2 Switch Series Fundamentals Command Reference Part number: 5998-7608 Software version: Release 2110P02 Document version: 6W100-20150305 Legal and notice information Copyright 2015 Hewlett-Packard

More information

Network Configuration Example

Network Configuration Example Network Configuration Example Adding a New Routing Device to Your Network Modified: 2017-01-17 Juniper Networks, Inc. 1133 Innovation Way Sunnyvale, California 94089 USA 408-745-2000 www.juniper.net All

More information

Configuring Authentication, Authorization, and Accounting

Configuring Authentication, Authorization, and Accounting Configuring Authentication, Authorization, and Accounting This chapter contains the following sections: Information About AAA, page 1 Prerequisites for Remote AAA, page 5 Guidelines and Limitations for

More information

Manage Users. About User Profiles. About User Roles

Manage Users. About User Profiles. About User Roles About User Profiles, page 1 About User Roles, page 1 Create Local Users, page 2 Edit Local Users, page 2 Delete Local Users, page 3 Change Your Own User Password, page 3 Display Role-Based Access Control

More information

AAA Authorization and Authentication Cache

AAA Authorization and Authentication Cache AAA Authorization and Authentication Cache First Published: March 16, 2006 Last Updated: March 1, 2006 The AAA Authorization and Authentication Cache feature allows you to cache authorization and authentication

More information

Operation Manual Security. Table of Contents

Operation Manual Security. Table of Contents Table of Contents Table of Contents Chapter 1 802.1x Configuration... 1-1 1.1 802.1x Overview... 1-1 1.1.1 802.1x Standard Overview... 1-1 1.1.2 802.1x System Architecture... 1-1 1.1.3 802.1x Authentication

More information

Lab 5.6b Configuring AAA and RADIUS

Lab 5.6b Configuring AAA and RADIUS Lab 5.6b Configuring AAA and RADIUS Learning Objectives Install CiscoSecure ACS Configure CiscoSecure ACS as a RADIUS server Enable AAA on a router using a remote RADIUS server Topology Diagram Scenario

More information

MAC-Based VLAN Technology White Paper

MAC-Based VLAN Technology White Paper MAC-Based VLAN Technology White Paper Keywords: MAC-based VLAN, 802.1X, MAC address authentication Abstract: As a way of grouping VLAN members, MAC address-based VLAN (MAC-based VLAN) decides the VLAN

More information

H3C Intelligent Management Center

H3C Intelligent Management Center H3C Intelligent Management Center TACACS+ Authentication Manager Administrator Guide New H3C Technologies Co., Ltd. http://www.h3c.com.hk Software version: IMC TAM 7.3 (E0501) Document version: 5PW105-20170515

More information

Prerequisites for Controlling Switch Access with Terminal Access Controller Access Control System Plus (TACACS+)

Prerequisites for Controlling Switch Access with Terminal Access Controller Access Control System Plus (TACACS+) Finding Feature Information, page 1 Prerequisites for Controlling Switch Access with Terminal Access Controller Access Control System Plus (TACACS+), page 1 Information About TACACS+, page 3 How to Configure

More information

Table of Contents 1 AAA Overview AAA Configuration 2-1

Table of Contents 1 AAA Overview AAA Configuration 2-1 Table of Contents 1 AAA Overview 1-1 Introduction to AAA 1-1 Authentication 1-1 Authorization 1-1 Accounting 1-2 Introduction to ISP Domain 1-2 Introduction to AAA Services 1-2 Introduction to RADIUS 1-2

More information

SYN Flood Attack Protection Technology White Paper

SYN Flood Attack Protection Technology White Paper Flood Attack Protection Technology White Paper Flood Attack Protection Technology White Paper Keywords: flood, Cookie, Safe Reset Abstract: This document describes the technologies and measures provided

More information

Technology White Paper of SQL Injection Attacks and Prevention

Technology White Paper of SQL Injection Attacks and Prevention Technology White Paper of SQL Injection Attacks and Prevention Keywords: SQL injection, SQL statement, feature identification Abstract: SQL injection attacks are common attacks that exploit database vulnerabilities.

More information

LAB 3 Basic Switch Configuration Commands

LAB 3 Basic Switch Configuration Commands LAB 3 Basic Switch Configuration Commands This lab explains basic switch configuration commands in detail with examples. Configuration and commands explained in this tutorial are essential commands to

More information

WLAN Location Engine 2340 Using the Command Line Interface

WLAN Location Engine 2340 Using the Command Line Interface WLAN Location Engine 2340 Using the Command Line Interface Avaya WLAN 2300 Release 6.0 Document Status: Standard Document Number: NN47250-505 Document Version: 01.02 2010 Avaya Inc. All Rights Reserved.

More information

Configuring Secure Shell (SSH)

Configuring Secure Shell (SSH) Prerequisites for Configuring Secure Shell, page 1 Restrictions for Configuring Secure Shell, page 2 Information About Configuring Secure Shell, page 2 How to Configure Secure Shell, page 4 Monitoring

More information

HP 5920 & 5900 Switch Series

HP 5920 & 5900 Switch Series HP 5920 & 5900 Switch Series Security Command Reference Part number: 5998-2887 Software version: Release2208 Document version: 6W100-20130228 Legal and notice information Copyright 2013 Hewlett-Packard

More information

Configuring Switch-Based Authentication

Configuring Switch-Based Authentication CHAPTER 7 This chapter describes how to configure switch-based authentication on the switch. Unless otherwise noted, the term switch refers to a standalone switch and to a switch stack. This chapter consists

More information

HPE IMC UAM Device User Authentication Configuration Examples

HPE IMC UAM Device User Authentication Configuration Examples HPE IMC UAM Device User Authentication Configuration Examples Part Number: 5200-1375 Software version: IMC UAM 7.2 (E0403) Document version: 2 The information in this document is subject to change without

More information

Using the emergency shell 1

Using the emergency shell 1 Contents Using the emergency shell 1 Emergency shell usage guidelines 1 Managing the file systems 1 Obtaining a system image from an FTP/TFTP server 2 Configuring the management Ethernet interface 2 Checking

More information

Configuring Authorization

Configuring Authorization Configuring Authorization AAA authorization enables you to limit the services available to a user. When AAA authorization is enabled, the network access server uses information retrieved from the user

More information

FSOS Getting Started Operation

FSOS Getting Started Operation FSOS Getting Started Operation Contents Contents...2 Chapter 1 Logging in Ethernet Switch...3 1.1 Set up Configuration Environment via Console Port...3 1.2 Set up Configuration Environment through Telnet...

More information

Using the Command-Line Interface

Using the Command-Line Interface Information About, page 1 How to Use the CLI to Configure Features, page 5 Information About Command Modes The Cisco IOS user interface is divided into many different modes. The commands available to you

More information

Passwords and Privileges Commands

Passwords and Privileges Commands Passwords and Privileges Commands This chapter describes the commands used to establish password protection and configure privilege levels. Password protection lets you restrict access to a network or

More information

Table of Contents 1 FTP and SFTP Configuration TFTP Configuration 2-1

Table of Contents 1 FTP and SFTP Configuration TFTP Configuration 2-1 Table of Contents 1 FTP and SFTP Configuration 1-1 Introduction to FTP and SFTP 1-1 Introduction to FTP 1-1 Introduction to SFTP 1-1 FTP Configuration 1-2 FTP Configuration: A Switch Operating as an FTP

More information

Configuring Local Authentication and Authorization

Configuring Local Authentication and Authorization Configuring Local Authentication and Authorization Finding Feature Information, page 1 How to Configure Local Authentication and Authorization, page 1 Monitoring Local Authentication and Authorization,

More information

CHAPTER 2 ACTIVITY

CHAPTER 2 ACTIVITY CHAPTER 2 ACTIVITY 2.1.1.1 1. CLI stands for 2. GUI stands for 3. Write the step you used to go to CLI interface on Windows 4. The OS, normally loads from a disk drive, into RAM. 5. The portion of the

More information

Operation Manual SSH H3C S3610&S5510 Series Ethernet Switches. Table of Contents

Operation Manual SSH H3C S3610&S5510 Series Ethernet Switches. Table of Contents Table of Contents Table of Contents... 1-1 1.1 SSH Overview... 1-1 1.2 Configuring the SSH Server... 1-5 1.2.1 Enabling SSH Server... 1-5 1.2.2 Configuring the Protocols for the SSH Client User Interface

More information

Configuring Authorization

Configuring Authorization The AAA authorization feature is used to determine what a user can and cannot do. When AAA authorization is enabled, the network access server uses information retrieved from the user s profile, which

More information

Overview of the Cisco NCS Command-Line Interface

Overview of the Cisco NCS Command-Line Interface CHAPTER 1 Overview of the Cisco NCS -Line Interface This chapter provides an overview of how to access the Cisco Prime Network Control System (NCS) command-line interface (CLI), the different command modes,

More information

CCNA 1 Chapter 2 v5.0 Exam Answers %

CCNA 1 Chapter 2 v5.0 Exam Answers % CCNA 1 Chapter 2 v5.0 Exam Answers 2015 100% 1. Which two features are characteristics of flash memory? (Choose two.) Flash provides nonvolatile storage. Flash receives a copy of the IOS from RAM when

More information

Xcalenets Console Setup Guide. Xcalenets Console Setup Guide (Standalone version)

Xcalenets Console Setup Guide. Xcalenets Console Setup Guide (Standalone version) Xcalenets Console Setup Guide Xcalenets Console Setup Guide (Standalone version) 1 Content CONTENT... 2 Getting Started to Xcalenets Console Setup... 3 Account Level Introduction... 3 Login Console Setup...

More information

H3C SR6600 Routers DVPN Configuration Example

H3C SR6600 Routers DVPN Configuration Example H3C SR6600 Routers DVPN Configuration Example Keywords: DVPN, VPN, VAM, AAA, IPsec, GRE Abstract: This document describes the DVPN configuration example for the H3C SR6600 Routers Series. Acronyms: Acronym

More information

SecBlade Firewall Cards NAT Configuration Examples

SecBlade Firewall Cards NAT Configuration Examples SecBlade Firewall Cards NAT Configuration Examples Keywords: NAT, PAT, private IP address, public IP address, IP address pool Abstract: This document describes the characteristics, applications scenarios,

More information

4(b): Assign the IP address on the Serial interface of Router. Console Cable

4(b): Assign the IP address on the Serial interface of Router. Console Cable Lab#4 Router Basic IOS 4(a). Router Basic Commands & Configuration 4(b) Assign the IP address on the Serial interface of Router Console Cable R1 PC1 Objectives Be familiar with use of different Configuration

More information

XML Transport and Event Notifications

XML Transport and Event Notifications 13 CHAPTER The chapter contains the following sections: TTY-Based Transports, page 13-123 Dedicated Connection Based Transports, page 13-125 SSL Dedicated Connection based Transports, page 13-126 TTY-Based

More information

Emergency shell commands 1

Emergency shell commands 1 Contents Emergency shell commands 1 copy 1 delete 1 dir 2 display copyright 4 display install package 4 display interface m-eth0 5 display ip routing-table 7 display ipv6 routing-table 7 display version

More information

Using the Command-Line Interface

Using the Command-Line Interface CHAPTER 2 This chapter describes the Cisco IOS command-line interface (CLI) and how to use it to configure your Cisco ME 3400 Ethernet Access switch. It contains these sections: Understanding Command Modes,

More information

Restrictions for Secure Copy Performance Improvement

Restrictions for Secure Copy Performance Improvement The Protocol (SCP) feature provides a secure and authenticated method for copying router configuration or router image files. SCP relies on Secure Shell (SSH), an application and a protocol that provide

More information

Password Strength and Management for Common Criteria

Password Strength and Management for Common Criteria Password Strength and Management for Common Criteria The Password Strength and Management for Common Criteria feature is used to specify password policies and security mechanisms for storing, retrieving,

More information

Exclusive Configuration Change Access and Access Session Locking

Exclusive Configuration Change Access and Access Session Locking Exclusive Configuration Change Access and Access Session Locking Exclusive Configuration Change Access (also called the Configuration Lock feature) allows you to have exclusive change access to the Cisco

More information

CISCO SWITCH BEST PRACTICES GUIDE

CISCO SWITCH BEST PRACTICES GUIDE CISCO SWITCH BEST PRACTICES GUIDE Table of Contents (After Clicking Link Hit HOME to Return to TOC) 1) Add Hostname... 2 2) Add Username and Password... 2 3) Create Secret Password... 2 4) Encrypt Password...

More information

Configuring a Terminal/Comm Server

Configuring a Terminal/Comm Server Configuring a Terminal/Comm Server Document ID: 5466 Introduction Prerequisites Requirements Components Used Conventions Cabling Design Strategy Configure Network Diagram Configurations Command Summary

More information

Configuring TACACS+ About TACACS+

Configuring TACACS+ About TACACS+ This chapter describes how to configure the Terminal Access Controller Access Control System Plus (TACACS+) protocol on Cisco NX-OS devices. This chapter includes the following sections: About TACACS+,

More information

XML Transport and Event Notifications

XML Transport and Event Notifications CHAPTER 13 This chapter contains these sections: TTY-Based Transports, page 13-129 Dedicated Connection Based Transports, page 13-131 SSL Dedicated Connection based Transports, page 13-133 TTY-Based Transports

More information

SecBlade Firewall Cards Stateful Failover Configuration Examples

SecBlade Firewall Cards Stateful Failover Configuration Examples SecBlade Firewall Cards Stateful Failover Configuration Examples Keywords: Stateful failover, active/standby mode, active/active mode, data synchronization, traffic switchover Abstract: A network that

More information

RADIUS Configuration. Overview. Introduction to RADIUS. Client/Server Model

RADIUS Configuration. Overview. Introduction to RADIUS. Client/Server Model Table of Contents RADIUS Configuration 1 Overview 1 Introduction to RADIUS 1 Client/Server Model 1 Security and Authentication Mechanisms 2 Basic Message Exchange Process of RADIUS 2 RADIUS Packet Format

More information

H3C imc. Branch Intelligent Management System. User Manual. Hangzhou H3C Technologies Co., Ltd.

H3C imc. Branch Intelligent Management System. User Manual. Hangzhou H3C Technologies Co., Ltd. H3C imc Branch Intelligent Management System User Manual Hangzhou H3C Technologies Co., Ltd. http://www.h3c.com Software version: imc BIMS 5.0 (E0102) Document version: 5PW103-20150427 Copyright 2011-2015,

More information

Cisco IOS Commands. abort CHAPTER

Cisco IOS Commands. abort CHAPTER CHAPTER 2 abort Use the abort VLAN database command to abandon the proposed new VLAN database, exit VLAN database mode, and return to privileged EXEC mode. abort This command has no arguments or keywords.

More information

HP MSR Router Series. Terminal Access Configuration Guide(V5) Part number: Software version: CMW520-R2509 Document version: 6PW

HP MSR Router Series. Terminal Access Configuration Guide(V5) Part number: Software version: CMW520-R2509 Document version: 6PW HP MSR Router Series Terminal Access Configuration Guide(V5) Part number: 5998-2022 Software version: CMW520-R2509 Document version: 6PW102-20130925 Legal and notice information Copyright 2013 Hewlett-Packard

More information

Telnet, Console and AUX Port Passwords on Cisco Routers Configuration Example

Telnet, Console and AUX Port Passwords on Cisco Routers Configuration Example Telnet, Console and AUX Port Passwords on Cisco Routers Configuration Example Document ID: 45843 Contents Introduction Prerequisites Requirements Components Used Conventions Background Information Configure

More information

HP High-End Firewalls

HP High-End Firewalls HP High-End Firewalls Getting Started Guide Part number: 5998-2646 Software version: F1000-A-EI&F1000-S-EI: R3721 F5000: F3210 F1000-E: F3171 Firewall module: F3171 Document version: 6PW101-20120719 Legal

More information

TACACS+ Configuration Mode Commands

TACACS+ Configuration Mode Commands Important TACACS Configuration Mode is available in releases 11.0 and later. This chapter describes all commands available in the TACACS+ Configuration Mode. TACACS+ (Terminal Access Controller Access-Control

More information

Access Service Security

Access Service Security CHAPTER 4 Access Service Security The access service security paradigm presented in this guide uses the authentication, authorization, and accounting (AAA) facility: Authentication requires dial-in users

More information

Console Port, Telnet, and SSH Handling

Console Port, Telnet, and SSH Handling This chapter contains the following sections: Restrictions and Notes for Console Port, Telnet, and SSH, page 1 Console Port Overview, page 1 Console Port Handling Overview, page 1 Telnet and SSH Overview,

More information

SysMaster GW 7000 Digital Gateway. User Manual. version 1.0

SysMaster GW 7000 Digital Gateway. User Manual. version 1.0 SysMaster GW 7000 Digital Gateway User Manual version 1.0 Copyright 2003 by All rights reserved. No part of this manual may be reproduced or transmitted in any form without written permission from. The

More information

HPE FlexFabric 5700 Switch Series

HPE FlexFabric 5700 Switch Series HPE FlexFabric 5700 Switch Series Fundamentals Command Reference Part number: 5998-5600R Software version: Release 2422P01 and later Document version: 6W100-20160331 Copyright 2016 Hewlett Packard Enterprise

More information

Table of Contents 1 Information Center 1-1

Table of Contents 1 Information Center 1-1 Table of Contents 1 Information Center 1-1 Information Center Overview 1-1 Introduction to Information Center 1-1 System Information Format 1-4 Information Center Configuration 1-6 Introduction to the

More information

Logging In and Setting Up

Logging In and Setting Up This chapter includes the following sections: Overview of, page 1 Resetting the Admin Password, page 3 Password Guidelines, page 3 Resetting the Shared Secret, page 4 Overview of You can log in and work

More information

Stateful Failover Technology White Paper

Stateful Failover Technology White Paper Stateful Failover Technology White Paper Keywords: Stateful failover, master/backup mode, load balancing mode, data synchronization, link switching Abstract: A firewall device is usually the access point

More information

Configuring Secure Shell

Configuring Secure Shell Configuring Secure Shell Last Updated: October 24, 2011 The Secure Shell (SSH) feature is an application and a protocol that provides a secure replacement to the Berkeley r-tools. The protocol secures

More information

Configuring Security with Passwords, Privileges, and Logins

Configuring Security with Passwords, Privileges, and Logins Configuring Security with Passwords, Privileges, and Logins Cisco IOS based networking devices provide several features that can be used to implement basic security for CLI sessions using only the operating

More information