Page 12
... Other Features Use Authentication? . . . . 178 Default Management Security Values 178 Controlling Management Access (Web 180 Access Profile 180 Authentication Profiles 184 Select Authentication 187 Password Management 188 Last Password Set Result 190 User Login Configuration 191 Local User Database... 192 Line Password 194 Enable Password 194 TACACS+ Settings 195 RADIUS Global Configuration 197 RADIUS ...
Page 58
...Management Access" on page 169. 58 Switch Features Password-Protected Management Access Access to the Web, CLI, and SNMP management interfaces is password protected, and there are no default users on page 169. The strength of a password is a measure of the effectiveness of users accessing...can also configure the switch to 32 named authentication and accounting RADIUS servers. TACACS+ Client The switch has a TACACS+ client. Password strength is a function of a NAS-IP address. TACACS+ provides centralized security for all locally administered users. For information about ...
Page 98
Login Screen NOTE: The switch is not configured with a default user name or password. For information about connecting to the console, see "Local User Database" on page 192 (Web) or "Adding Users to a switch, see "Setting the IP Address ... about assigning an IP address to the Local Database" on page 103. For information about creating a user and password, see "Console Connection" on page 215 (CLI). 4 Click Submit. 98 Using Dell OpenManage Switch Administrator Passwords are both case sensitive and alpha-numeric. You must connect to the CLI by using the console port...
Page 111
...Disabled on the PowerConnect 7000 Series switches. 6 Default Settings This section describes the default settings for many of -band (OOB) interface. Table 6-1. Default Settings Feature IP address Subnet mask Default gateway DHCP client Management VLAN ID VLAN 1 Members SDM template Users Minimum password length IPv6 ...management mode SNTP client Global logging Switch auditing CLI command logging Web logging SNMP logging Console logging RAM logging Persistent (FLASH) logging Default None None None Enabled on out-of the...
Page 116
... a hostname and do not include the domain name information, the default domain name is automatically appended to the hostname. PowerConnect 7000 Series switches are layer 2/3 managed switches. To manage the...Identifies your network, such as dell.com. Why Is Basic Network Information Needed? NOTE: The configuration example in a packet. Configuring the DNS information, default domain name, and host name... using a Web browser or Telnet client, the switch must also configure a username and password to be able to a hostname. Additionally, this chapter includes commands to the switch and...
Page 132
...(config-if)#exit 2 Configure the administrative user. The administrator configures a PowerConnect 7000 Series switch to manage the switch. Basic Network Information Configuration Example In this example, an administrator at a Dell office in California decides not to use the following information: • ... name: sunny.dell.com The administrator also maps the administrative laptop host name to the management network. If the DHCP client on the switch OOB interface by default. console(config)#username admin password secret123 level 15 3 Configure the DNS servers, default domain name, ...
Page 169
...Access (CLI) • Management Access Configuration Examples Management Access Control Overview By default, management access to the switch through the out-of the management security features ... -band switch ports requires a user account to be configured on the switch. PowerConnect 7000 Series switches include several additional features to increase management security and help prevent ...user can access the switch management interface only after providing a valid username and password combination that matches the user account information stored in this chapter. Controlling Management Access...
Page 171
... Server database for 801X portbased authentication. • LINE--Uses the Line password for authentication. • LOCAL- Additional recommendations for Management Security? Sends the user's ID and password to the configured TACACS+ server to be one or more of profiles based... Management Access 171 What Are the Recommendations for management security include: • Require strong passwords • Disable factory-delivered default accounts • Enable password lockout • Configure user ACLs to protect administrative access to the network. The authentication method...
Page 178
...Port-Based Security" on page 505. Table 9-2 describes the default settings for the management access features. Table 9-2. Control List (ACL) Password management Password minimum length is enabled, and the minimum features password length is required. For information about RADIUS-assigned VLANs, ...console port, and no authentication is 8 characters. Default Management Security Values By default, the only management access to provide port-based access control. Management Security Default Values Management Security Default Feature Management Access No access profiles are configured. ...
Page 179
...Line and Enable passwords No passwords are defined. RADIUS No RADIUS servers are configured. HTTP HTTP access to the switch is disabled. DoS DoS protection is enabled. Table 9-2. Telnet New Telnet sessions are allowed, and the default port is disabled....access to the switch is 23. Controlling Management Access 179 Management Security Default Values (Continued) Management Security Default Feature Authentication Profiles The following three Authentication Profiles are configured by default: • defaultList-Method is NONE, which means no authentication is ...
Page 217
... stored to use for the Line and Enable modes. Specify the login authentication list to ensure that a password should contain. The configured value also applies to Privileged EXEC mode. Command line {console|ssh |telnet} login authentication {default|list-name} enable authentication {default|list-name} show authentication methods Purpose Enter Line configuration mode for...
Page 219
...; hostname - Host name of a password during configuration. View the configured settings for communication with Radius servers. 0.0.0.0 is interpreted as a substring. If no type is specified, the type is Default-RADIUS-Server. The default RADIUS server name is authentication. •...Purpose configure Enter Global Configuration mode. hostname} • acct | auth - Command passwords strength exclude-keyword word passwords strengthcheck exit show passwords configuration show passwords result Purpose Specify up to three keywords to exclude in Privileged EXEC mode, use the...
Page 232
...configure the switch: 1 Create a local user console#configure console(config)#username abc password password 2 Configure the lockout policy globally and specify that enables password lockout. The password lockout feature disables local access to the switch for a user with the user ...consecutive login failures separated by default, does not have password lockout enabled through the networkList authentication method. The configuration example in the local database. Password Expiry date Lockout -------False False 232 Controlling Management Access By default, Telnet and SSH access ...
Page 233
... networkList networkList Enable Method List enableList enableList enableList HTTPS HTTP DOT1X :local :local : 5 Configure the serial port for password lockout because it has been globally enabled, and Telnet and SSH use the networkList authentication method. Telnet and SSH are ...local) authentication. The defaultList does not require authentication, but the networkList requires authentication by verifying the user name and password against an entry in the local database. console#configure console(config)#line console console(config-line)#login authentication networkList console...
Page 268
... the mail server. 268 Monitoring and Logging System Information Warning, notice, info, and debug messages are the default values. console#configure console(config)#mail-server ip-address 192.168.2.34 2 Configure the username and password for the switch must use for SMTP, port 25, which are not sent in the inbox has...
Page 335
Configuring SNMP (CLI) This section provides information about these commands, see the PowerConnect 7000 Series CLI Reference Guide. Beginning in hexadecimal character strings is a concatenated hexadecimal string. Configuring SNMP 335 You can be reconfigured. The ... command line) is converted to be separated by RFC 2274. The command line password is generated using the MAC address of SNMPv3 users will be used. Configuring the SNMPv3 Engine ID To use the default string that identifies the engine ID. Command Purpose configure Enter Global Configuration mode snmp...
Page 340
... the SNMP protocol. (Range: 1-20 characters) • group-name - Name of a previously defined group. Community string that acts like a ip-address] password and permits access to Privileged EXEC mode. Default is all IP addresses. Map the internal security name for SNMP v1 and SNMP group community-string v2 security models to the...
Page 342
....) • filtername - The default is 3 attempts. • traps - version 1 - Indicates that SNMPv1 traps will be used • community-string - For SNMPv1 and SNMPv2, configure the system to use. Indicates that is 15 seconds. (Range: 1-300 characters.) • retries - A string that SNMPv2 informs are sent to this host - Specifies a password-like community string...
Page 445
...to customers, such as business centers and hotels. Captive Portals are often used in this chapter include: • Captive Portal Overview • Default Captive Portal Behavior and Settings • Configuring the Captive Portal (Web) • Configuring a Captive Portal (CLI) • Captive Portal ...can connect to the acceptable use . To gain network access, the user must enter a username (for guest access) or a username and password (for authenticated access) and accept the terms of use policy. For example, a hotel might allow guests to configure the Captive Portal feature...
Page 450
...that duplicate Username entries can be defined in a database or enter a password to use an additional HTTP and/or HTTPS port (in support of Proxy networks). 450 Configuring a Captive Portal Table 17-1. By default, the user does not need to be configured to access the network because... associated with the Captive Portal and globally enable the Captive Portal feature, a user who connects to gain network access. Figure 17-3. Default Captive Portal Behavior and Settings Captive Portal is presented with the Captive Portal Welcome screen shown in Figure 17-3. If you associate an ...