Alcatel Carrier Internetworking Solutions omniswitch Switch User Manual


 
Managing Switch Security: Setting Up Management Interfaces for ASA
OmniSwitch 6600 Family Switch Management Guide March 2005 page 8-9
Setting Up Management Interfaces for ASA
By default, authenticated access is available through the console port. Access through other management
interfaces is disabled. Other management interfaces include Telnet, FTP, HTTP, Secure Shell, and SNMP.
This chapter describes how to set up access for management interfaces. For more details about particular
management interfaces and how they are used, see Chapter 1, “Logging Into the Switch.”
To give switch access to management interfaces, use the aaa authentication command to allow or deny
access to each interface type; the default keyword may be used to configure access for all interface types.
Specify the server(s) to be used for authentication through the indicated management interface.
Keywords used for specifying management interfaces are listed at the end of this section (console, telnet,
ftp, http, ssh, snmp, and default). Note that ssh is the keyword used to specify Secure Shell.
To specify an external authentication server or servers, use the RADIUS or LDAP server name or the
keyword ace for an ACE/Server. To specify that the local user database should be used for authentication,
use the local keyword. Up to four servers total may be specified.
RADIUS and LDAP servers are set up to communicate with the switch via the aaa radius-server and aaa
ldap-server commands. ACE/Servers do not require any configuration, but you must FTP the sdconf.rec
file from the server to the switch’s network directory. For more information about configuring the switch
to communicate with these servers, see the “Managing Authentication Servers” chapter of the OmniSwitch
6600 Family Network Configuration Guide.
Note. RADIUS or LDAP servers used for authenticated switch access may also be used with authenticated
VLANs. Authenticated VLANs are described in the “Configuring Authenticated VLANs” chapter of the
OmniSwitch 6600 Family Network Configuration Guide.
The order of the specified servers is important. The switch uses only one server for authentication—the
first available server in the list. All authentication attempts will be tried on that server. Other servers are
not tried, even if they are available. If local is specified, it must be last in the list since the local user
database is always available when the switch is up.
Servers may also be used for accounting, or logging, of authenticated sessions. See “Configuring
Accounting for ASA” on page 8-12.
The following table describes the management access interfaces or methods and the types of authentication
servers that may be used with them:

Management interface keywords: console, telnet, ftp, http, ssh, snmp, default

Server Type    Management Access Method
RADIUS         Telnet, FTP, HTTP, Secure Shell
LDAP           Telnet, FTP, HTTP, Secure Shell, SNMP
ACE/Server     Telnet, FTP, HTTP, Secure Shell
local          console, FTP, HTTP, Secure Shell, SNMP