Configuration Guide User guide
BigIron RX Series Configuration Guide 53
53-1002484-04
Chapter
3
Securing Access to Management Functions
In this chapter
•Securing access methods. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53
•Restricting remote access to management functions . . . . . . . . . . . . . . . . . 55
•Setting passwords . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63
•Setting up local user accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67
•Configuring SSL security for the Web Management Interface . . . . . . . . . . . 73
•Configuring TACACS and TACACS+ security . . . . . . . . . . . . . . . . . . . . . . . . . . 75
•Configuring RADIUS security. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 91
•Configuring authentication-method lists . . . . . . . . . . . . . . . . . . . . . . . . . . . 104
Securing access methods
This chapter explains how to secure access to management functions on the device.
NOTE
For the device, RADIUS Challenge is supported for 802.1x authentication but not for login
authentication. Also, multiple challenges are supported for TACACS+ login authentication.
The following table lists the management access methods available on the device, how they are
secured by default, and the ways in which they can be secured.
TABLE 35 Ways to secure management access to the device
Access method How the access method is
secured by default
Ways to secure the access method See page
Serial access to the CLI Not secured Establish passwords for management
privilege levels
page 64
Access to the Privileged EXEC
and CONFIG levels of the CLI
Not secured Establish a password for Telnet access
to the CLI
page 63
Establish passwords for management
privilege levels
page 64
Set up local user accounts page 67
Configure TACACS and TACACS+
security
page 75
Configure RADIUS security page 91