Netgear CSM4532 Software Administration Manual - Page 122
Controlling Management Access
4. Configuring Security Features

4.1. Controlling Management Access

A user can access the switch management interface only after providing a valid user name and password combination that matches the user account information stored in the user database configured on the switch. The switch supports several features to increase management security and help prevent unauthorized access to the switch configuration interfaces.

4.1.1. Using RADIUS Servers for Management Security

Many networks use a RADIUS server to maintain a centralized user database that contains per-user authentication information. RADIUS servers provide a centralized authentication method for:

• Telnet Access
• Console to Switch Access
• Access Control Port (802.1X)

RADIUS access control utilizes a database of user information on a remote server. Making use of a single database of accessible information, as in an Authentication Server, can greatly simplify the authentication and management of users in a large network. One such type of Authentication Server supports the Remote Authentication Dial In User Service (RADIUS) protocol as defined by RFC 2865.

For authenticating users prior to access, the RADIUS standard has become the protocol of choice by administrators of large accessible networks. To accomplish the authentication in a secure manner, the RADIUS client and RADIUS server must both be configured with the same shared password or secret. This secret is used to generate one-way encrypted authenticators that are present in all RADIUS packets. The secret is never transmitted over the network.

RADIUS conforms to a secure communications client/server model using UDP as a transport protocol. It is extremely flexible, supporting a variety of methods to authenticate and statistically track users. RADIUS is also extensible, allowing for new methods of authentication to be added without disrupting existing functionality.
As a user attempts to connect to the switch management interface, the switch first detects the contact and prompts the user for a name and password. The switch encrypts the supplied information, and a RADIUS client transports the request to a pre-configured RADIUS server.

NETGEAR M4500 Series Switches Software Administration Manual 122
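The role of the shared secret described above can be shown with the RFC 2865 packet rules. This Python example is added here and is not code from the NETGEAR manual or the switch firmware: it hides the User-Password in an Access-Request and checks the Response Authenticator of an Access-Accept, so the secret itself never appears in a packet. All function names, the user name, the password and the secret are constructed for illustration.

```python
import hashlib
import hmac
import os
import struct

def hide_password(password: bytes, secret: bytes, req_auth: bytes) -> bytes:
    """RFC 2865 5.2: pad to 16-byte blocks, XOR each with MD5(secret + previous)."""
    if len(password) > 128:
        raise ValueError("User-Password is limited to 128 octets")
    size = max(16, (len(password) + 15) // 16 * 16)
    padded, out, prev = password.ljust(size, b"\x00"), b"", req_auth
    for i in range(0, size, 16):
        key = hashlib.md5(secret + prev).digest()
        prev = bytes(p ^ k for p, k in zip(padded[i:i + 16], key))
        out += prev
    return out

def reveal_password(hidden: bytes, secret: bytes, req_auth: bytes) -> bytes:
    """Server side: same keystream, chained on the previous ciphertext block."""
    out, prev = b"", req_auth
    for i in range(0, len(hidden), 16):
        key = hashlib.md5(secret + prev).digest()
        out += bytes(c ^ k for c, k in zip(hidden[i:i + 16], key))
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00")

def attr(kind: int, value: bytes) -> bytes:
    return struct.pack("!BB", kind, len(value) + 2) + value

def access_request(ident, user, password, secret, req_auth) -> bytes:
    """Code 1 packet with User-Name (1) and hidden User-Password (2)."""
    attrs = attr(1, user) + attr(2, hide_password(password, secret, req_auth))
    return struct.pack("!BBH", 1, ident, 20 + len(attrs)) + req_auth + attrs

def access_accept(ident, req_auth, secret, attrs=b"") -> bytes:
    """Code 2 reply; Response Authenticator = MD5(header+ReqAuth+attrs+secret)."""
    header = struct.pack("!BBH", 2, ident, 20 + len(attrs))
    return header + hashlib.md5(header + req_auth + attrs + secret).digest() + attrs

def verify_response(packet: bytes, req_auth: bytes, secret: bytes) -> bool:
    """Client side: recompute the authenticator with the local secret."""
    expected = hashlib.md5(packet[:4] + req_auth + packet[20:] + secret).digest()
    return hmac.compare_digest(packet[4:20], expected)

if __name__ == "__main__":
    secret, ra = b"constructed-shared-secret", os.urandom(16)  # constructed values
    req = access_request(1, b"admin", b"constructed-pw", secret, ra)
    reply = access_accept(1, ra, secret)
    print("secret on the wire:", secret in req)
    print("reply verifies:", verify_response(reply, ra, secret))
```

A client and server configured with different secrets fail at `verify_response`, and the server recovers a garbled password, which is why a secret mismatch shows up as rejected logins rather than as an explicit error.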