• Console—Authenticates access through the console port (CLI only).
• Telnet—Authenticates users accessing the CLI by using a Telnet or SSH client.
• Secure HTTP—Authenticates users accessing OpenManage Switch Administrator by using an HTTPS connection.
• HTTP—Authenticates users accessing OpenManage Switch Administrator by using an HTTP connection.
• DOT1X—Authenticates hosts connecting through the in-band switch ports. This access type is for network authentication and not management interface authentication.
NOTE: For information about port-based authentication, see "Configuring 802.1X and Port-Based Security" on page 509.
The switch has three preconfigured authentication profiles. For information
about these profiles, see "Default Management Security Values" on page 180.

How Does TACACS+ Control Management Access?

TACACS+ (Terminal Access Controller Access Control System) provides
access control for networked devices via one or more centralized servers.
TACACS+ simplifies authentication by making use of a single database that
can be shared by many clients on a large network. TACACS+ uses TCP to
ensure reliable delivery and a shared key configured on the client and daemon
server to encrypt all messages.
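
The shared-key protection described above, shown as an added example that is not taken from this guide or from the switch firmware: the packet-body obfuscation defined in RFC 8907 (section 4.5), written in Python. It shows that the 12-byte header travels in cleartext and that a wrong key yields unreadable bytes rather than an error; the key, session ID and body are constructed sample values.

```python
import hashlib
import struct

TAC_PLUS_UNENCRYPTED_FLAG = 0x01   # RFC 8907: body is sent in the clear when set
HEADER = struct.Struct("!BBBBII")  # version, type, seq_no, flags, session_id, length

# Constructed sample values, not taken from any real device.
KEY = b"constructed-shared-key"
SESSION_ID = 0x1A2B3C4D
BODY = b"constructed body: user=admin"


def pseudo_pad(session_id, key, version, seq_no, length):
    """MD5 chain from RFC 8907 section 4.5, truncated to the body length."""
    seed = struct.pack("!I", session_id) + key + bytes([version, seq_no])
    pad, block = b"", b""
    while len(pad) < length:
        block = hashlib.md5(seed + block).digest()  # each block feeds the next
        pad += block
    return pad[:length]


def obfuscate(header, body, key):
    """XOR the body with the pad; calling it again reverses the operation."""
    version, _type, seq_no, flags, session_id, _length = HEADER.unpack(header)
    if flags & TAC_PLUS_UNENCRYPTED_FLAG:
        return body
    pad = pseudo_pad(session_id, key, version, seq_no, len(body))
    return bytes(b ^ p for b, p in zip(body, pad))


def build_packet(seq_no, session_id, body, key, flags=0):
    """Version 0xC0 (major 12, minor 0), type 0x01 (authentication)."""
    header = HEADER.pack(0xC0, 0x01, seq_no, flags, session_id, len(body))
    return header + obfuscate(header, body, key)  # header is never obfuscated


def parse_packet(packet, key):
    """Return (header fields, recovered body). Nothing here verifies the key:
    a wrong key simply produces garbage for the caller to reject."""
    header, wire_body = packet[:HEADER.size], packet[HEADER.size:]
    fields = HEADER.unpack(header)
    if fields[5] != len(wire_body):
        raise ValueError("length field does not match body")
    return fields, obfuscate(header, wire_body, key)
```

Because only the body is covered and the pad is built from MD5, the management traffic between the switch and the TACACS+ servers is best kept on a protected management network.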
If you configure TACACS+ as the authentication method for user login and a
user attempts to access the user interface on the switch, the switch prompts
for the user login credentials and requests services from the TACACS+
client. The client then uses the configured list of servers for authentication,
and provides results back to the switch.
Figure 9-1 shows an example of access management using TACACS+.
Controlling Management Access