Filter
Top Products
Chapter 1: Introduction 3
• SSH and Telnet access
• Syslog server
NOTE: Remote authentication NIS and IPSec are not supported with IPv6.
Flexible users and groups
An account can be defined for each user on the console server or on an authentication server. The
admin and root users have accounts by default, and either can add and configure other user
accounts. Access to ports can be optionally restricted, based on authorizations that an administrator
can assign to custom user groups. Groups can be authorized to manage power while connected to
devices. For more information, see
Users Accounts and User Groups on page 44.
Security
Security profiles determine which network services are enabled on the console server. Using the
Web Manager or the CLI, you can configure automatic detection of PC cards and USB devices or
RPC. You can either allow all users to access enabled ports or allow the configuration of group
authorizations to restrict access. You can also select a security profile, which defines which
services (FTP, ICMP, IPSec and Telnet) are enabled and SSH and HTTP/HTTPS access. The
administrator can select either a preconfigured security profile or create a custom profile. For more
information, see
Security Configuration on page 39.
Authentication
Authentication can be performed locally, with One Time Passwords (OTP), or on a remote
Kerberos, LDAP, NIS, Radius or TACACS+ authentication server. If the ACS 6000 console server
is managed by a DSView 3 server, DSView authentication is also supported. The console server
also supports remote group authorizations for the LDAP, Radius and TACACS+ authentication
methods. Fallback mechanisms are also available.
An administrator can configure authentication using the CLI utility and the Web Manager. Any
authentication method that is configured for the console server or the ports is used for
authentication of any user who attempts to log in through Telnet, SSH or the Web Manager. For
more information, see
Authentication on page 41.
VPN based on IPSec with NAT traversal
If IPSec is enabled in the selected security profile, an administrator can use the VPN feature to
enable secure connections. IPSec encryption with optional NAT traversal (which is configured by
default) creates a secure tunnel for dedicated communications between the console server and other
computers that have IPSec installed, such as routers, firewall machines, application servers and
end-user machines. ESP and AH authentication protocols, RSA Public Keys and Shared Secret
are
supported. For more information, see IPSec(VPN) on page 55.