Dell PowerSwitch S4128F-ON SmartFabric OS10 Security Best Practices Guide July - Page 13
Access rules
Page 13 highlights
• hostname - Enter the hostname of the RADIUS server.
• ip-address - Enter the IPv4 (A.B.C.D) or IPv6 (x:x:x:x::x) address of the RADIUS server.
• tls security-profile profile-name - Enter the security profile whose X.509v3 certificate the switch uses for TLS authentication with a RADIUS server.
• key 0 authentication-key - Enter an authentication key in plain text. A maximum of 42 characters.
• key 9 authentication-key - Enter an authentication key in encrypted format. A maximum of 128 characters.
• authentication-key - Enter an authentication key in plain text. A maximum of 42 characters. It is not necessary to enter 0 before the key.
• auth-port port-number - (Optional) Enter the UDP port number used on the server for authentication, from 0 to 65535, default 1812.
• key authentication-key - (Optional) Enter the authentication key to authenticate the switch on the server. A maximum of 42 characters; default radius_secure.

Configure RADIUS authentication retries

Rationale: Configure the number of times OS10 retransmits a RADIUS authentication request. To avoid unnecessary retries, configure a lower value.

Configuration:

    OS10(config)# radius-server retransmit retries
    OS10(config)# exit
    OS10# write memory

retries - Enter the number of retry attempts, from 0 to 100.

Configure TACACS+ authentication

Rationale: Configure the global timeout used to wait for an authentication response from TACACS+ servers. To avoid long waits, configure a lower value.

Configuration:

    OS10(config)# tacacs-server host {hostname | ip-address} key {0 authentication-key | 9 authentication-key | authentication-key} [auth-port port-number]
    OS10(config)# exit
    OS10# write memory

• hostname - Enter the hostname of the RADIUS server.
• ip-address - Enter the IPv4 (A.B.C.D) or IPv6 (x:x:x:x::x) address of the RADIUS server.
• 0 authentication-key - Enter an authentication key in plain text. A maximum of 42 characters.
• 9 authentication-key - Enter an authentication key in encrypted format. A maximum of 128 characters.
• authentication-key - Enter an authentication key in plain text. A maximum of 42 characters. It is not necessary to enter 0 before the key.
• auth-port port-number - (Optional) Enter the UDP port number used on the server for authentication, from 0 to 65535, default 1812.
• authentication-key - (Optional) Enter the authentication key used to authenticate the switch on the server. A maximum of 42 characters; default radius_secure.

Configure TACACS+ authentication response timer

Rationale: Configure the global timeout used to wait for an authentication response from TACACS+ servers. To avoid long waits, configure a lower value.

Configuration:

    OS10(config)# tacacs-server timeout seconds
    OS10(config)# exit
    OS10# write memory

seconds - Enter the timeout period used to wait for an authentication response from a TACACS+ server, from 1 to 1000 seconds.

Access rules

Configure secure access rules.

Enable only SSH for remote system access
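
An added example, not from the Dell guide: a Python check that lints a provisioning template containing the radius-server and tacacs-server commands described on this page against the limits the page states (key lengths, default key, port range, retry and timeout ranges). The site ceilings of 3 retries and 10 seconds, the decision to flag plain-text key entry, and the sample lines are assumptions of this example.

```python
import re

DEFAULT_KEY = "radius_secure"    # default key named in the guide
MAX_LEN = {"0": 42, "9": 128}    # key length limits from the guide
TIMERS = {"radius-server retransmit": ((0, 100), 3),   # (guide range), assumed ceiling
          "tacacs-server timeout": ((1, 1000), 10)}
HOST_RE = re.compile(r"^(radius|tacacs)-server host (\S+)(.*)$")
KEY_RE = re.compile(r"\bkey (?:([09]) )?(\S+)")
PORT_RE = re.compile(r"\bauth-port (\d+)")

def audit(lines):
    """Return (line_no, finding) pairs, in line order, for AAA server commands."""
    out = []
    for no, line in enumerate(map(str.strip, lines), 1):
        for cmd, ((lo, hi), ceiling) in TIMERS.items():
            if m := re.fullmatch(re.escape(cmd) + r" (\d+)", line):
                v = int(m.group(1))
                if not lo <= v <= hi:
                    out.append((no, f"{cmd} {v} outside {lo}-{hi}"))
                elif v > ceiling:
                    out.append((no, f"{cmd} {v} above site ceiling {ceiling}"))
        h = HOST_RE.match(line)
        if not h:
            continue
        k, p = KEY_RE.search(h.group(3)), PORT_RE.search(h.group(3))
        if k:
            ktype, key = k.group(1) or "0", k.group(2)  # untyped key is plain text
            if ktype == "0":
                out.append((no, "key entered in plain text"))
            if key == DEFAULT_KEY:
                out.append((no, "key is the documented default"))
            if len(key) > MAX_LEN[ktype]:
                out.append((no, f"key longer than {MAX_LEN[ktype]} characters"))
        if p and int(p.group(1)) > 65535:
            out.append((no, "auth-port outside 0-65535"))
    return out

# Constructed sample template; addresses, names and keys are made up.
SAMPLE = [
    "radius-server host 192.0.2.10 key radius_secure",
    "radius-server host 192.0.2.11 key 9 " + "ab" * 32 + " auth-port 1812",
    "radius-server retransmit 10",
    "tacacs-server host tacacs1.example.net key 0 Example-Key-1 auth-port 70000",
    "tacacs-server timeout 5",
]

if __name__ == "__main__":
    for no, msg in audit(SAMPLE):
        print(f"line {no}: {msg}")
```

Run it against the command lines as they are typed or templated, since the check keys on the 0/9 prefix given at entry time.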