Intel IXM5414E Switch User Manual


 
206 Intel® Blade Server Ethernet Switch Module IXM5414E
Security configuration commands
This section describes the commands used to configure and manage the security features of the
Intel® Blade Server Ethernet Switch Module IXM5414E. These features include:
- Authentication commands
- IEEE 802.1X Port-based network access control
- Remote Authentication Dial-In User Service (RADIUS)
- Secure Shell (SSH) commands
- Secure Socket Layer (SSL) commands
Authentication commands
config authentication login create
Use this command to create an authentication login list. The <listname> is up to 15 alphanumeric
characters and is case sensitive. Up to 10 authentication login lists can be configured on the switch.
When a list is created, the authentication method “local” is set as the first method. Authentication
methods can be changed using the config authentication login set command.
Format config authentication login create <listname>
config authentication login delete
Use this command to delete the specified authentication login list. The command will fail if any of
the following conditions are true:
- The login list name is invalid or does not identify an existing login list
- The specified login list is currently assigned to a user or to the nonconfigured user
- The specified login list is the default login list included with the default configuration and was not created using the config authentication login set command.
Format config authentication login delete <listname>
config authentication login set
Use this command to configure an ordered list of methods for the specified authentication login list.
You may specify up to three methods. The possible methods are local, radius, and reject.
The value of local indicates that the user’s locally stored ID and password should be used for
authentication. The value of radius indicates that the user’s ID and password will be authenticated
using the RADIUS server. The value of reject indicates that the user is never authenticated.
To authenticate a user, the authentication methods in the user’s login list will be attempted in order
until an authentication attempt succeeds or fails.
Note that the default login list included with the default configuration cannot be changed.
Format config authentication login set <listname> <local/radius/reject> [local/radius/reject] [local/radius/reject]
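The create, set and delete rules described above can be checked offline before a command script is applied to the switch. The following Python sketch is an added example, not part of the manual or of Intel's software. The names replay, SAMPLE and default_list are hypothetical; it assumes that a duplicate create and a set on a missing list are errors, and it does not model the "assigned to a user" condition for delete.

```python
import re

METHODS = {"local", "radius", "reject"}
MAX_LISTS, MAX_METHODS = 10, 3
NAME_RE = re.compile(r"[A-Za-z0-9]{1,15}")  # up to 15 alphanumeric characters
PREFIX = ["config", "authentication", "login"]

def replay(commands, default_list=None):
    """Replay CLI lines and return (lists, findings). default_list is a
    caller-supplied name: this section does not give the default list's name."""
    lists, findings = {}, []
    for lineno, raw in enumerate(commands, 1):
        parts = raw.split()
        if parts[:3] != PREFIX or len(parts) < 4:
            continue  # other commands are out of scope here
        verb, name, methods = parts[3], "".join(parts[4:5]), parts[5:]
        err = None
        if verb == "create":
            if not NAME_RE.fullmatch(name):
                err = "list name must be 1-15 alphanumeric characters"
            elif name in lists:  # assumption: a duplicate create is an error
                err = "list already exists"
            elif len(lists) >= MAX_LISTS:
                err = "limit of 10 login lists reached"
            else:
                lists[name] = ["local"]  # 'local' is set as the first method
        elif verb in ("set", "delete"):
            if name == default_list:
                err = "default login list cannot be changed or deleted"
            elif name not in lists:  # list names are case sensitive
                err = "no such login list"
            elif verb == "delete":
                del lists[name]
            elif not 1 <= len(methods) <= MAX_METHODS or set(methods) - METHODS:
                err = "need 1-3 methods from local/radius/reject"
            else:
                lists[name] = methods
        if err:
            findings.append((lineno, err))
    return lists, findings

SAMPLE = [  # constructed input, not taken from the manual
    "config authentication login create Admins",
    "config authentication login set Admins radius local",
    "config authentication login set admins reject",          # wrong case
    "config authentication login create this-name-is-too-long",
    "config authentication login set Admins radius tacacs",   # not a valid method
]
```

Calling replay(SAMPLE) returns the resulting login lists together with a (line number, reason) pair for each command that breaks a documented rule.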
config users defaultlogin
Use this command to assign the authentication login list to be used when a non-configured user
attempts to log in to the system. This setting is overridden by the authentication login list assigned to