BLADE OS™ Application Guide HP GbE2c Ethernet Blade Switch for c-Class BladeSystem Version 5.1 Advanced Functionality Software
Table Of Contents
- Contents
- Figures
- Tables
- Preface
- Part 1: Basic Switching
- Accessing the Switch
- The Management Network
- Local Management Using the Console Port
- The Command Line Interface
- Remote Management Access
- Client IP Address Agents
- Securing Access to the Switch
- Setting Allowable Source IP Address Ranges
- RADIUS Authentication and Authorization
- TACACS+ Authentication
- LDAP Authentication and Authorization
- Secure Shell and Secure Copy
- Configuring SSH/SCP Features on the Switch
- Configuring the SCP Administrator Password
- Using SSH and SCP Client Commands
- SSH and SCP Encryption of Management Messages
- Generating RSA Host and Server Keys for SSH Access
- SSH/SCP Integration with Radius Authentication
- SSH/SCP Integration with TACACS+ Authentication
- End User Access Control
- Ports and Trunking
- Port-Based Network Access Control
- VLANs
- Spanning Tree Protocol
- RSTP and MSTP
- Link Layer Discovery Protocol
- Quality of Service
- Accessing the Switch
- Part 2: IP Routing
- Basic IP Routing
- Routing Information Protocol
- IGMP
- OSPF
- OSPF Overview
- OSPF Implementation in BLADE OS
- OSPF Configuration Examples
- Remote Monitoring
- Part 3: High Availability Fundamentals
- High Availability
- Layer 2 Failover
- Server Link Failure Detection
- VRRP Overview
- Failover Methods
- BLADE OS Extensions to VRRP
- Virtual Router Deployment Considerations
- High Availability Configurations
- High Availability
- Part 4: Appendices
- Index
BLADE OS 5.1 Application Guide
60 Chapter 1: Accessing the Switch BMD00113, September 2009
End User Access Control
BLADE OS allows an administrator to define end user accounts that permit end users to perform
operation tasks via the switch CLI commands. Once end user accounts are configured and enabled,
the switch requires username/password authentication.
The user types listed in Table 6 can be assigned to individual users:
For example, an administrator can assign an end user login as an operator, who can then log into the
switch and perform operational commands (effective only until the next switch reboot).
Considerations for Configuring End User Accounts
A maximum of 10 user IDs are supported on the switch.
BLADE OS supports end user support for Console, Telnet, BBI, and SSHv1/v2 access to the
switch.
If RADIUS authentication is used, the user password on the Radius server will override the
user password on the GbE2c. Also note that the password change command on the switch only
modifies the use switch password and has no effect on the user password on the Radius server.
Radius authentication and user password cannot be used concurrently to access the switch.
Passwords can be up to 128 characters in length for TACACS, RADIUS, Telnet, SSH,
Console, and Web access.
Table 6 User Access Levels
User Type Description and Tasks Performed
User The User has no direct responsibility for switch management. He or she can view
all switch status information and statistics but cannot make any configuration
changes to the switch.
Operator The Operator manages all functions of the switch. The Operator can reset ports or
the entire switch.
Administrator The super-user Administrator has complete access to all menus, information, and
configuration commands on the switch, including the ability to change both the
user and administrator passwords.