Specifications

Management Access Security

ExtremeWare XOS 11.0 Concepts Guide 167

When the policy is refreshed, the new policy file is read, processed, and stored in the server database.

Any clients that use the policy will also be updated. Use the following command to refresh the policy:

refresh policy <policy-name>

Management Access Security

Management access security features control access to the management functions available on the

switch. These features help insure that any configuration changes to the switch can be done only by

authorized users. In this category are the following features:

• Authenticating Users Using RADIUS or TACACS+ on page 167

• Secure Shell 2 on page 170

Authenticating Users Using RADIUS or TACACS+

ExtremeWare XOS provides three methods to authenticate users who login to the switch:

• RADIUS

• TACACS+

• Local database of accounts and passwords

RADIUS

Remote Authentication Dial In User Service (RADIUS), in RFC 2138, is a mechanism for authenticating

and centrally administrating access to network nodes. The ExtremeWare XOS RADIUS implementation

allows authentication for Telnet or console access to the switch.

NOTE

You cannot configure RADIUS and TACACS+ at the same time.

You define a primary and secondary RADIUS server for the switch to contact. When a user attempts to

to the secondary RADIUS server, if the primary does not respond. If the RADIUS client is enabled, but

access to the RADIUS primary and secondary server fails, the switch uses its local database for

authentication.

The privileges assigned to the user (admin versus nonadmin) at the RADIUS server take precedence

over the configuration in the local switch database.

To configure the RADIUS servers, use the following command:

configure radius [primary | secondary] server [<ipaddress> | <hostname>] {<udp_port>}

client-ip [<ipaddress>] {vr <vr_name>}

To configure the timeout if a server fails to respond, use the following command:

configure radius timeout <seconds>