Home » HP Manuals » Servers » HP Mellanox SX1018 » Manual Viewer

HP Mellanox SX1018 Mellanox MLNX-OS® User Manualfor SX1018HP Ethernet - Page 55

Tacacs, 10.1.3 Ldap

Add to My Manuals
Save this manual to your list of manuals

Page 55 highlights

Rev 1.6.9 It is used for several reasons: • RADIUS facilitates centralized user administration • RADIUS consistently provides some level of protection against an active attacker For information on the RADIUS commands, please refer to Mellanox MLNX-OS Command Reference Guide. 4.10.1.2 TACACS+ TACACS (Terminal Access Controller Access Control System), widely used in network environments, is a client/server protocol that enables remote access servers to communicate with a central server to authenticate dial-in users and authorize their access to the requested system or service. It is commonly used for providing NAS (Network Access Security). NAS ensures secure access from remotely connected users. TACACS implements the TACACS Client and provides the AAA (Authentication, Authorization and Accounting) functionalities. TACACS is used for several reasons: • Facilitates centralized user administration • Uses TCP for transport to ensure reliable delivery • Supports inbound authentication, outbound authentication and change password request for the authentication service • Provides some level of protection against an active attacker For information on the TACACS+ commands, please refer to Mellanox MLNX-OS Command Reference Guide. 4.10.1.3 LDAP LDAP (Lightweight Directory Access Protocol) is an authentication protocol that allows a remote access server to forward a user's logon password to an authentication server to determine whether access can be allowed to a given system. LDAP is based on a client/server model. The switch acts as a client to the LDAP server. A remote user (the remote administrator) interacts only with the switch, not the back-end server and database. LDAP authentication consists of the following components: • A protocol with a frame format that utilizes TCP over IP • A centralized server that stores all the user authorization information • A client: in this case, the switch Each entry in the LDAP server is referenced by its Distinguished Name (DN). The DN consists of the user-account name concatenated with the LDAP domain name. If the user-account name is John, the following is an example DN: uid=John,ou=people,dc=domain,dc=com For information on the LDAP commands, please refer to Mellanox MLNX-OS Command Reference Guide. Mellanox Technologies 55 Mellanox Technologies Confidential

Section	Page
Mellanox MLNX-OS® User Manual for SX1018HP Ethernet Managed Blade Switch	1
Document Revision History	6
About this Manual	7
1 Introduction	10
1.1 MLNX-OS Features	10
2 Getting Started	12
2.1 Configuring the Switch for the First Time	12
2.1.1 Re-Running the Wizard	17
2.2 Starting the Command Line (CLI)	17
2.3 Starting the Web Interface	18
2.4 Licenses	19
2.4.1 Installing MLNX-OS® License (CLI)	20
2.4.2 Installing MLNX-OS License (Web)	20
2.4.3 Retrieving a Lost License Key	23
3 User Interfaces	24
3.1 Command Line Interface (CLI)	24
3.1.1 CLI Modes	24
3.1.2 Syntax Conventions	25
3.1.3 Getting Help	25
3.1.4 Prompt and Response Conventions	26
3.1.5 Using the “no” Form	27
3.1.6 Parameter Key	28
3.2 Web Interface	29
3.2.1 Setup Menu	30
3.2.2 System Menu	31
3.2.3 Security Menu	32
3.2.4 Ports Menu	32
3.2.5 Status Menu	33
3.2.6 IB SM Mgmt	33
3.2.7 Fabric Inspector	34
3.2.8 ETH Mgmt	35
4 System Management	36
4.1 Management Interface	36
4.1.1 Configuring Management Interfaces with Static IP Addresses	36
4.1.2 Configuring IPv6 Address on the Management Interface	36
4.1.3 Dynamic Host Configuration Protocol (DHCP)	36
4.1.4 Default Gateway	37
4.1.5 In-Band Management	37
4.2 Software Management	38
4.2.1 Upgrading MLNX-OS® Software	38
4.2.2 Deleting Unused Images	42
4.2.3 Downgrading MLNX-OS Software	42
4.2.3.1 Downloading Image	43
4.2.3.2 Downgrading Image	43
4.2.3.3 Switching to Partition with Older Software Version	45
4.2.4 Upgrading System Firmware	45
4.2.4.1 After Updating MLNX-OS Software	45
4.2.4.2 Importing Firmware and Changing the Default Firmware	46
4.3 File Management	46
4.3.1 Saving a Configuration File	46
4.3.2 Loading a Configuration File	47
4.3.3 Restoring Factory Default Configuration on a Switch System (Single Management Module)	47
4.4 Managing Configuration Files	47
4.4.1 BIN Configuration Files	48
4.4.2 Text Configuration Files	48
4.5 Logging	49
4.5.1 Monitor	49
4.5.2 Remote Logging	49
4.6 Event Notifications	49
4.6.1 Supported Events	50
4.6.2 SNMP Trap Notifications	51
4.6.3 Terminal Notifications	51
4.6.4 Email Notifications	51
4.7 USB Support	53
4.7.1 Accessing a USB Device for Read/Write	53
4.8 Diagnostics	53
4.8.1 Retrieving Return Codes when Executing Remote Commands	53
4.9 mDNS	53
4.10 User Management and Security	54
4.10.1 Authentication, Authorization and Accounting (AAA)	54
4.10.1.1 RADIUS	54
4.10.1.2 TACACS+	55
4.10.1.3 LDAP	55
4.10.2 Secure Shell (SSH)	56
4.10.2.1 Adding a Host and Providing an SSH Key	56
4.10.3 User Accounts	56
4.11 Network Management Interfaces	57
4.11.1 SNMP	57
4.11.1.1 Standard MIBs	57
4.11.1.2 Private MIB	59
4.11.1.3 Mellanox Private Traps	59
4.11.1.4 Configuring SNMP	60
4.11.1.5 Configuring an SNMPv3 User	60
4.11.1.6 Configuring an SNMP Notification	61
4.11.2 MLNX-OS XML API	62
5 Ethernet Switching	63
5.1 Interface	63
5.1.1 Break-Out Cables	63
5.1.1.1 Changing the Module Type to a Split Mode	65
5.1.1.2 Unsplitting a Split Port	65
5.2 Link Aggregation Group (LAG)	66
5.2.1 Configuring Static Link Aggregation Group (LAG)	66
5.2.2 Configuring Link Aggregation Control Protocol (LACP)	67
5.3 VLANs	67
5.3.1 Configuring Access Mode and Assigning Port VLAN ID (PVID)	68
5.3.2 Configuring Hybrid Mode and Assigning Port VLAN ID (PVID)	68
5.3.3 Configuring Trunk Mode VLAN Membership	69
5.3.4 Configuring Hybrid Mode VLAN Membership	69
5.4 MAC Address Table	70
5.4.1 Configuring Unicast Static MAC Address	70
5.5 Spanning Tree	70
5.5.1 Port Priority and Cost	71
5.5.2 Port Type	71
5.5.3 BPDU Filter	71
5.5.4 Loop Guard	72
5.5.5 Root Guard	72
5.6 IGMP Snooping	72
5.6.1 Configuring IGMP Snooping	73
5.6.2 Defining a Multicast Router Port on a VLAN	73
5.7 Link Layer Discovery Protocol (LLDP)	74
5.7.1 Configuring LLDP	74
5.8 Quality of Service (QoS)	75
5.8.1 Priority Flow Control and Link Level Flow Control	75
5.8.2 Enhanced Transmission Selection (ETS)	77
5.9 Access Control List	79
5.9.1 Configuring Access Control List	79
5.9.2 ACL Actions	80
5.10 Port Mirroring	80
5.10.1 Mirroring Sessions	81
5.10.1.1 Source Interface	81
5.10.1.2 Destination Interface	82
5.10.1.3 Header Format	83
5.10.1.4 Congestion Control	83
5.10.1.5 Truncation	84
5.10.2 Configuring Mirroring Sessions	84
5.10.3 Verifying Mirroring Sessions	85
5.11 sFlow	86
5.11.1 Flow Samples	86
5.11.2 Statistical Samples	87
5.11.3 sFlow Datagrams	87
5.11.4 Sampled Interfaces	87
5.11.5 Configuring sFlow	87

Match case Limit results 1 per page

Rev 1.6.9

Mellanox Technologies

Mellanox Technologies Confidential

It is used for several reasons:

•

RADIUS facilitates centralized user administration

•

RADIUS consistently provides some level of protection against an active attacker

For information on the RADIUS commands, please refer to

Mellanox MLNX-OS Command Ref-

erence Guide

4.10.1.2 TACACS+

TACACS (Terminal Access Controller Access Control System), widely used in network environ-

ments, is a client/server protocol that enables remote access servers to communicate with a cen-

tral server to authenticate dial-in users and authorize their access to the requested system or

service. It is commonly used for providing NAS (Network Access Security). NAS ensures secure

access from remotely connected users. TACACS implements the TACACS Client and provides

the AAA (Authentication, Authorization and Accounting) functionalities.

TACACS is used for several reasons:

•

Facilitates centralized user administration

•

Uses TCP for transport to ensure reliable delivery

•

Supports inbound authentication, outbound authentication and change password request

for the authentication service

•

Provides some level of protection against an active attacker

For information on the TACACS+ commands, please refer to

Mellanox MLNX-OS Command

Reference Guide

4.10.1.3 LDAP

LDAP (Lightweight Directory Access Protocol) is an authentication protocol that allows a

remote access server to forward a user's logon password to an authentication server to determine

whether access can be allowed to a given system. LDAP is based on a client/server model. The

switch acts as a client to the LDAP server. A remote user (the remote administrator) interacts

only with the switch, not the back-end server and database.

LDAP authentication consists of the following components:

•

A protocol with a frame format that utilizes TCP over IP

•

A centralized server that stores all the user authorization information

•

A client: in this case, the switch

Each entry in the LDAP server is referenced by its Distinguished Name (DN). The DN consists

of the user-account name concatenated with the LDAP domain name. If the user-account name is

John, the following is an example DN:

uid=John,ou=people,dc=domain,dc=com

For information on the LDAP commands, please refer to

Mellanox MLNX-OS Command Refer-

ence Guide

HP Mellanox SX1018 Mellanox MLNX-OS&#174; User Manualfor SX1018HP Ethernet - Page 55

Tacacs, 10.1.3 Ldap

Page 55 highlights

HP Mellanox SX1018 Mellanox MLNX-OS® User Manualfor SX1018HP Ethernet - Page 55