Filter
Top Products
Overview of Security Methods
3-12 Accessing Local Management
3.4.1 Host Access Control Authentication (HACA)
To use HACA, the embedded Radius Client on the switch must be configured to communicate with
the Radius Server, and the Radius Server must be configured with the password information. The
software used for this application provides the ability to centralize the Authentication,
Authorization, and Accounting (AAA) of the network resources. For more information, refer to the
RFC 2865 (Radius Authentication) and RFC 2866 (Radius Accounting) for a description of the
protocol.
Each switch has its own Radius Client. The client can be configured via the Radius Configuration
screen described in Section 3.7.
The IP address of the Radius Server and shared secret text string must be configured on the
Radius Client. The client uses the Password Authentication Protocol (PAP) to communicate the
user name and encrypted password to the Radius Server.
On the Radius Server, each user is configured with the following:
• name
• password
• access level
The access level can be set to one of the following levels for each user name:
• super-user
• read-write
• read-only
To support multiple access levels per user name, it involves sending back a different “FilterID”
attribute using some server feature to differentiate between the same user name with different
prefixes/suffixes. For example, “username@engineering” and “username@home” could each
return different access levels.
NOTE: This is a server-dependent feature.