Page 12
... Other Features Use Authentication? . . . . 178 Default Management Security Values 178 Controlling Management Access (Web 180 Access Profile 180 Authentication Profiles 184 Select Authentication 187 Password Management 188 Last Password Set Result 190 User Login Configuration 191 Local User Database... 192 Line Password 194 Enable Password 194 TACACS+ Settings 195 RADIUS Global Configuration 197 RADIUS ...
... Other Features Use Authentication? . . . . 178 Default Management Security Values 178 Controlling Management Access (Web 180 Access Profile 180 Authentication Profiles 184 Select Authentication 187 Password Management 188 Last Password Set Result 190 User Login Configuration 191 Local User Database... 192 Line Password 194 Enable Password 194 TACACS+ Settings 195 RADIUS Global Configuration 197 RADIUS ...
Page 58
... the configuration of users accessing the switch. Using strong passwords lowers overall risk of a password in resisting guessing and brute-force attacks. The switch also supports RADIUS Attribute 4, which ...Password Enforcement The Strong Password feature enforces a baseline password strength for validation of a NAS-IP address. Password-Protected Management Access Access to accept RADIUS-assigned VLANs. For information about configuring password settings, see "Controlling Management Access" on page 169. The strength of a password is password protected, and there are no default...
... the configuration of users accessing the switch. Using strong passwords lowers overall risk of a password in resisting guessing and brute-force attacks. The switch also supports RADIUS Attribute 4, which ...Password Enforcement The Strong Password feature enforces a baseline password strength for validation of a NAS-IP address. Password-Protected Management Access Access to accept RADIUS-assigned VLANs. For information about configuring password settings, see "Controlling Management Access" on page 169. The strength of a password is password protected, and there are no default...
Page 98
...the IP Address and Other Basic Network Information" on page 103. Login Screen NOTE: The switch is not configured with a default user name or password. For information about creating a user and password, see "Local User Database" on page 192 (Web) or "Adding Users to a switch, see "Console Connection" ...the switch: 1 Open a web browser. 2 Enter the IP address of the switch in the address bar and press . Passwords are both case sensitive and alpha-numeric. Starting the Application To access the Dell OpenManage Switch Administrator and log on page 215 (CLI). 4 Click Submit. 98 Using...
...the IP Address and Other Basic Network Information" on page 103. Login Screen NOTE: The switch is not configured with a default user name or password. For information about creating a user and password, see "Local User Database" on page 192 (Web) or "Adding Users to a switch, see "Console Connection" ...the switch: 1 Open a web browser. 2 Enter the IP address of the switch in the address bar and press . Passwords are both case sensitive and alpha-numeric. Starting the Application To access the Dell OpenManage Switch Administrator and log on page 215 (CLI). 4 Click Submit. 98 Using...
Page 111
Disabled on out-of the software features on the PowerConnect 7000 Series switches. Default Settings Feature IP address Subnet mask Default gateway DHCP client Management VLAN ID VLAN 1 Members SDM template Users Minimum password length IPv6 management mode SNTP client Global logging Switch auditing... CLI command logging Web logging SNMP logging Console logging RAM logging Persistent (FLASH) logging Default None None None Enabled on Management VLAN (inband ...
Disabled on out-of the software features on the PowerConnect 7000 Series switches. Default Settings Feature IP address Subnet mask Default gateway DHCP client Management VLAN ID VLAN 1 Members SDM template Users Minimum password length IPv6 management mode SNTP client Global logging Switch auditing... CLI command logging Web logging SNMP logging Console logging RAM logging Persistent (FLASH) logging Default None None None Enabled on Management VLAN (inband ...
Page 116
... Web browser or Telnet client, the switch must also configure a username and password to be able to log into IP addresses. For information about configuring users,...a hostname. Identifies your network, such as dell.com. If you enter a hostname and do not include the domain name information, the default domain name is automatically appended to create an...to -IP address mappings that have an IP address, subnet mask, and default gateway. Requests network information from a remote host. PowerConnect 7000 Series switches are layer 2/3 managed switches. Translates hostnames into the ...
... Web browser or Telnet client, the switch must also configure a username and password to be able to log into IP addresses. For information about configuring users,...a hostname. Identifies your network, such as dell.com. If you enter a hostname and do not include the domain name information, the default domain name is automatically appended to create an...to -IP address mappings that have an IP address, subnet mask, and default gateway. Requests network information from a remote host. PowerConnect 7000 Series switches are layer 2/3 managed switches. Translates hostnames into the ...
Page 132
... user. To configure the switch: 1 Connect the OOB port to obtain its IP address. console(config)#username admin password secret123 level 15 3 Configure the DNS servers, default domain name, and static host mapping. console(config)#ip name-server 10.27.138.20 10.27.138.21 console...(config)#ip domain-name sunny.dell.com console(config)#ip host admin-laptop 10.27.65.103 console(config)#exit 132 Setting Basic Network Information The administrator configures a PowerConnect...
... user. To configure the switch: 1 Connect the OOB port to obtain its IP address. console(config)#username admin password secret123 level 15 3 Configure the DNS servers, default domain name, and static host mapping. console(config)#ip name-server 10.27.138.20 10.27.138.21 console...(config)#ip domain-name sunny.dell.com console(config)#ip host admin-laptop 10.27.65.103 console(config)#exit 132 Setting Basic Network Information The administrator configures a PowerConnect...
Page 169
...access the switch management interface only after providing a valid username and password combination that matches the user account information stored in this chapter include: • Management Access Control Overview • Default Management Security Values • Controlling Management Access (Web) •...It also includes information about controlling access through switch-based authentication or by using TACACS+ or RADIUS servers. PowerConnect 7000 Series switches include several additional features to increase management security and help prevent unauthorized access to the switch ...
...access the switch management interface only after providing a valid username and password combination that matches the user account information stored in this chapter include: • Management Access Control Overview • Default Management Security Values • Controlling Management Access (Web) •...It also includes information about controlling access through switch-based authentication or by using TACACS+ or RADIUS servers. PowerConnect 7000 Series switches include several additional features to increase management security and help prevent unauthorized access to the switch ...
Page 171
... interface. Controlling Management Access 171 Additional recommendations for management security include: • Require strong passwords • Disable factory-delivered default accounts • Enable password lockout • Configure user ACLs to protect administrative access to access the switch management interface.... authentication. • LOCAL- What Are the Recommendations for authentication. • RADIUS--Sends the user's ID and password will be applied system wide with little administrative effort. In large deployments, many administrators prefer to use a RADIUS ...
... interface. Controlling Management Access 171 Additional recommendations for management security include: • Require strong passwords • Disable factory-delivered default accounts • Enable password lockout • Configure user ACLs to protect administrative access to access the switch management interface.... authentication. • LOCAL- What Are the Recommendations for authentication. • RADIUS--Sends the user's ID and password will be applied system wide with little administrative effort. In large deployments, many administrators prefer to use a RADIUS ...
Page 178
... also use the IAS to the switch is through the console port, and no authentication is 8 characters. Default Management Security Values By default, the only management access to authenticate users. Port-based access control specifies whether devices that are connected to ... or the local user database to the network. Password aging, limiting the number consecutive passwords before reuse, and limiting the number of allowed consecutive login attempts are configured. Management Security Default Values Management Security Default Feature Management Access No access profiles are disabled. ...
... also use the IAS to the switch is through the console port, and no authentication is 8 characters. Default Management Security Values By default, the only management access to authenticate users. Port-based access control specifies whether devices that are connected to ... or the local user database to the network. Password aging, limiting the number consecutive passwords before reuse, and limiting the number of allowed consecutive login attempts are configured. Management Security Default Values Management Security Default Feature Management Access No access profiles are disabled. ...
Page 179
RADIUS No RADIUS servers are defined. Table 9-2. DoS DoS protection is required. Management Security Default Values (Continued) Management Security Default Feature Authentication Profiles The following three Authentication Profiles are configured by default: • defaultList-Method is NONE, which means no authentication is required. • networkList-Method is LOCAL, ... is disabled. HTTPS HTTPS access to the switch is disabled. Local User Database No users are defined Line and Enable passwords No passwords are allowed, and the default port is enabled.
RADIUS No RADIUS servers are defined. Table 9-2. DoS DoS protection is required. Management Security Default Values (Continued) Management Security Default Feature Authentication Profiles The following three Authentication Profiles are configured by default: • defaultList-Method is NONE, which means no authentication is required. • networkList-Method is LOCAL, ... is disabled. HTTPS HTTPS access to the switch is disabled. Local User Database No users are defined Line and Enable passwords No passwords are allowed, and the default port is enabled.
Page 217
... list to ensure that a password should contain. Enforce a minimum number of previous passwords that are in use for login and enable access. Controlling Management Access 217 The valid range is applied to the enable password (Range 8-64). Command line {console|ssh |telnet} login authentication {default|list-name} enable authentication {default|list-name} show authentication methods...
... list to ensure that a password should contain. Enforce a minimum number of previous passwords that are in use for login and enable access. Controlling Management Access 217 The valid range is applied to the enable password (Range 8-64). Command line {console|ssh |telnet} login authentication {default|list-name} enable authentication {default|list-name} show authentication methods...
Page 219
...(in between the string, case in a password. View information about a RADIUS server to the switch. If no type is specified, the type is Default-RADIUS-Server. Host name of a password during configuration. Controlling Management Access 219 View ... auth - The default RADIUS server name is authentication. • ipaddress - Verify the strength of the RADIUS server host (Range: 1-255 characters). Exit to a RADIUS server. Command passwords strength exclude-keyword word passwords strengthcheck exit show passwords configuration show passwords result Purpose Specify ...
...(in between the string, case in a password. View information about a RADIUS server to the switch. If no type is specified, the type is Default-RADIUS-Server. Host name of a password during configuration. Controlling Management Access 219 View ... auth - The default RADIUS server name is authentication. • ipaddress - Verify the strength of the RADIUS server host (Range: 1-255 characters). Exit to a RADIUS server. Command passwords strength exclude-keyword word passwords strengthcheck exit show passwords configuration show passwords result Purpose Specify ...
Page 232
...steps required for enabling lockout for a user with the user name abc on do not need to enter a password three times before being locked out. By default, Telnet and SSH access methods have an access method that the user can still cause a user to be locked... out. console#show users accounts UserName Privilege abc 1 admin 15 Password Aging ------------ Failed attempts to log on the serial port. consecutive login failures separated by default, does not have password lockout enabled through the networkList authentication method.
...steps required for enabling lockout for a user with the user name abc on do not need to enter a password three times before being locked out. By default, Telnet and SSH access methods have an access method that the user can still cause a user to be locked... out. console#show users accounts UserName Privilege abc 1 admin 15 Password Aging ------------ Failed attempts to log on the serial port. consecutive login failures separated by default, does not have password lockout enabled through the networkList authentication method.
Page 233
...(local) authentication. The defaultList does not require authentication, but the networkList requires authentication by verifying the user name and password against an entry in the local database. console#show authentication methods Login Authentication Method Lists defaultList : none networkList : ... HTTPS HTTP DOT1X :local :local : 5 Configure the serial port for password lockout because it has been globally enabled, and Telnet and SSH use the networkList authentication method. By default, Console (serial) access uses the defaultList authentication. 4 View information about ...
...(local) authentication. The defaultList does not require authentication, but the networkList requires authentication by verifying the user name and password against an entry in the local database. console#show authentication methods Login Authentication Method Lists defaultList : none networkList : ... HTTPS HTTP DOT1X :local :local : 5 Configure the serial port for password lockout because it has been globally enabled, and Telnet and SSH use the networkList authentication method. By default, Console (serial) access uses the defaultList authentication. 4 View information about ...
Page 268
... will be sent in a single email every 120 minutes. console#configure console(config)#mail-server ip-address 192.168.2.34 2 Configure the username and password for the switch must use for sending messages. To configure the switch: 1 Specify the mail server to use to authenticate with the mail server. ... mail server does not require authentication and uses the standard TCP port for sending email alerts. Warning, notice, info, and debug messages are the default values. Configuring Email Alerting The commands in this example define the SMTP server to the following: Figure 10-25.
... will be sent in a single email every 120 minutes. console#configure console(config)#mail-server ip-address 192.168.2.34 2 Configure the username and password for the switch must use for sending messages. To configure the switch: 1 Specify the mail server to use to authenticate with the mail server. ... mail server does not require authentication and uses the standard TCP port for sending email alerts. Warning, notice, info, and debug messages are the default values. Configuring Email Alerting The commands in this example define the SMTP server to the following: Figure 10-25.
Page 335
... the configuration file is converted to configure an engine ID for SNMP. A user's password (entered on the device MAC address. Configuring the SNMPv3 Engine ID To use the default string that identifies the engine ID. You can be used. The engine ID is.... The command line password is then destroyed, as required by a period or colon. (Range: 6-32 characters) • default - Beginning in hexadecimal character strings is two hexadecimal digits. Configuring SNMP (CLI) This section provides information about these commands, see the PowerConnect 7000 Series CLI Reference...
... the configuration file is converted to configure an engine ID for SNMP. A user's password (entered on the device MAC address. Configuring the SNMPv3 Engine ID To use the default string that identifies the engine ID. You can be used. The engine ID is.... The command line password is then destroyed, as required by a period or colon. (Range: 6-32 characters) • default - Beginning in hexadecimal character strings is two hexadecimal digits. Configuring SNMP (CLI) This section provides information about these commands, see the PowerConnect 7000 Series CLI Reference...
Page 340
...v2 security models to the SNMP protocol. (Range: 1-20 characters) • group-name - Community string that acts like a ip-address] password and permits access to the group name. exit Exit to the community. (Range: 1-30 characters) • ip-address - group-name [ipaddress ...8226; community-string - Default is all IP addresses. Management station IP address. show snmp View SNMP settings and verify the configuration 340 Configuring SNMP Name of a previously...
...v2 security models to the SNMP protocol. (Range: 1-20 characters) • group-name - Community string that acts like a ip-address] password and permits access to the group name. exit Exit to the community. (Range: 1-30 characters) • ip-address - group-name [ipaddress ...8226; community-string - Default is all IP addresses. Management station IP address. show snmp View SNMP settings and verify the configuration 340 Configuring SNMP Name of a previously...
Page 342
...Configuring SNMP Maximum number of the host to resend an inform request. version 1 - Command Purpose snmp-server host host- Specifies a password-like community string sent with the notification operation. (Range: 1-20 characters) • port - Number of seconds to receive addr ... port] [filter filtername] • host-addr - version 2 - A string that defines the filter for an acknowledgment before resending informs. The default is the name of the host. (Range:1-158 characters). • informs - For SNMPv1 and SNMPv2, configure the system to wait for this ...
...Configuring SNMP Maximum number of the host to resend an inform request. version 1 - Command Purpose snmp-server host host- Specifies a password-like community string sent with the notification operation. (Range: 1-20 characters) • port - Number of seconds to receive addr ... port] [filter filtername] • host-addr - version 2 - A string that defines the filter for an acknowledgment before resending informs. The default is the name of the host. (Range:1-158 characters). • informs - For SNMPv1 and SNMPv2, configure the system to wait for this ...
Page 445
...before gaining access to the acceptable use , or the hotel might provide an Ethernet port in this chapter include: • Captive Portal Overview • Default Captive Portal Behavior and Settings • Configuring the Captive Portal (Web) • Configuring a Captive Portal (CLI) • Captive Portal Configuration Example... or restrict network access. To gain network access, the user must enter a username (for guest access) or a username and password (for Internet use policy. 17 Configuring a Captive Portal This chapter describes how to configure the Captive Portal feature.
...before gaining access to the acceptable use , or the hotel might provide an Ethernet port in this chapter include: • Captive Portal Overview • Default Captive Portal Behavior and Settings • Configuring the Captive Portal (Web) • Configuring a Captive Portal (CLI) • Captive Portal Configuration Example... or restrict network access. To gain network access, the user must enter a username (for guest access) or a username and password (for Internet use policy. 17 Configuring a Captive Portal This chapter describes how to configure the Captive Portal feature.
Page 450
... obtained for the Captive Portal feature. Table 17-1 shows the default values for identification. Figure 17-3. Note that interface is disabled by default. Default Captive Portal Welcome Screen The user types a name in a database or enter a password to gain network access. Table 17-1. By default, the user does not need to be configured to the...
... obtained for the Captive Portal feature. Table 17-1 shows the default values for identification. Figure 17-3. Note that interface is disabled by default. Default Captive Portal Welcome Screen The user types a name in a database or enter a password to gain network access. Table 17-1. By default, the user does not need to be configured to the...