Dell PowerSwitch S5212F-ON SmartFabric OS10 Security Best Practices Guide July - Page 11
Management plane, Role-based access control
Page 11 highlights
• To display which MAC address causes a violation, use the log option. The system also drops the packet.

  OS10(config-if-port-sec)#mac-move violation log

• To drop the packet when a MAC address movement violation occurs, use the drop option.

  OS10(config-if-port-sec)#mac-move violation drop

• To shut down the original interface that learned the MAC address on a MAC movement violation, use the shutdown-original option.

  OS10(config-if-port-sec)#mac-move violation shutdown-original

• To shut down the interface that detected a MAC address that is already learned by another interface, use the shutdown-offending option.

  OS10(config-if-port-sec)#mac-move violation shutdown-offending

• To shut down both original and offending interfaces, use the shutdown-both option.

  OS10(config-if-port-sec)#mac-move violation shutdown-both

Management plane

These settings are applicable to services, settings, and configuration services of OS10.

Role-based access control

Role-based access control (RBAC) provides control for access and authorization. Users are granted permissions based on defined roles. Create user roles based on job functions to allow users appropriate system access. A user can be assigned only a single role, and many users can have the same role. A user role authenticates and authorizes a user at login.

Enable AAA login authentication

Rationale: Authentication, authorization, and accounting (AAA) services secure networks against unauthorized access. AAA is a centralized means of access control to users who want to access the system.

Configuration:

  OS10(config)# aaa authentication login {console | default} local
  OS10(config)# exit
  OS10# write memory

• console: Configure authentication methods for console logins.
• default: Configure authentication methods for SSH and Telnet logins.
• local: Use the local username, password, and role entries configured with the username password role command.

Enable AAA login authentication with a fallback option

Rationale: Configuring AAA authentication with a fallback option provides resiliency during authentication. If one method fails, the system uses the other method of authentication.

Configuration:

  OS10(config)# aaa authentication login {console | default} {local | group radius | group tacacs+}
  OS10(config)# exit
  OS10# write memory

• console: Configure authentication methods for console logins.
• default: Configure authentication methods for SSH and Telnet logins.
• local: Use the local username, password, and role entries configured with the username password role command.
• group radius: Use the RADIUS servers configured with the radius-server host command.
• group tacacs+: Use the TACACS+ servers configured with the tacacs-server host command.

The authentication methods in the method list work in the order they are configured.
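
A small audit for the two AAA settings above, added here as an example and not taken from Dell's guide: it reads aaa authentication login lines from saved configuration text and reports a console or default login that has no explicit method list or no fallback method. The sample configuration is constructed, and treating a missing line as a finding is this example's assumption.

```python
import re

# Method tokens from the guide's syntax: local | group radius | group tacacs+
METHOD_RE = re.compile(r"local|group radius|group tacacs\+")
LINE_RE = re.compile(r"^\s*aaa authentication login (console|default)\s+(.*?)\s*$")

def parse_login_methods(config_text):
    """Return {'console': [...], 'default': [...]} with methods in configured order."""
    lists = {}
    for line in config_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        scope, rest = m.groups()
        methods = METHOD_RE.findall(rest)
        # Anything left after removing known methods is an unrecognized token.
        leftover = METHOD_RE.sub("", rest).split()
        if leftover:
            raise ValueError(f"unrecognized method tokens in: {line.strip()}")
        lists[scope] = methods
    return lists

def audit_login_auth(config_text):
    """List findings for a missing method list or a list with no fallback."""
    lists = parse_login_methods(config_text)
    findings = []
    for scope in ("console", "default"):
        methods = lists.get(scope)
        if not methods:
            # Assumption of this example: an absent explicit line is reported.
            findings.append(f"{scope}: no aaa authentication login method list")
        elif len(methods) == 1:
            findings.append(f"{scope}: only '{methods[0]}' configured, no fallback")
    return findings

# Constructed sample, not taken from a real switch.
SAMPLE_CONFIG = """\
hostname lab-sw1
aaa authentication login default group tacacs+ local
aaa authentication login console local
"""

if __name__ == "__main__":
    for scope, methods in parse_login_methods(SAMPLE_CONFIG).items():
        print(scope, "->", " then ".join(methods))
    for finding in audit_login_auth(SAMPLE_CONFIG):
        print("FINDING:", finding)
```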