IBM 12.1(22)EA6 User Manual

Contents

vi

Cisco Systems Intelligent Gigabit Ethernet Switch Modules for the IBM BladeCenter, Software Configuration Guide

24R9746

Identifying the TACACS+ Server Host and Setting the Authentication Key

5-12

Configuring TACACS+ Login Authentication

5-13

Configuring TACACS+ Authorization for Privileged EXEC Access and Network Services

5-15

Starting TACACS+ Accounting

5-16

Displaying the TACACS+ Configuration

5-16

Controlling Switch Access with RADIUS

5-16

Understanding RADIUS

5-17

RADIUS Operation

5-18

Configuring RADIUS

5-19

Default RADIUS Configuration

5-19

Identifying the RADIUS Server Host

5-19

Configuring RADIUS Login Authentication

5-22

Defining AAA Server Groups

5-24

Configuring RADIUS Authorization for User Privileged Access and Network Services

5-26

Starting RADIUS Accounting

5-27

Configuring Settings for All RADIUS Servers

5-28

Configuring the Switch to Use Vendor-Specific RADIUS Attributes

5-28

Configuring the Switch for Vendor-Proprietary RADIUS Server Communication

5-29

Displaying the RADIUS Configuration

5-30

Configuring the Switch for Local Authentication and Authorization

5-31

Configuring the Switch for Secure Shell

5-32

Understanding SSH

5-32

SSH Servers, Integrated Clients, and Supported Versions

5-32

Limitations

5-33

Configuring SSH

5-33

Configuration Guidelines

5-33

Cryptographic Software Image Guidelines

5-34

Setting Up the Switch to Run SSH

5-34

Configuring the SSH Server

5-35

Displaying the SSH Configuration and Status

5-36

C H A P T E R

6

Configuring IEEE 802.1x Port-Based Authentication

6-1

Understanding IEEE 802.1x Port-Based Authentication

6-1

Device Roles

6-2

Authentication Initiation and Message Exchange

6-3

Ports in Authorized and Unauthorized States

6-4

IEEE 802.1x Accounting

6-5

IEEE 802.1x Accounting Attribute-Value Pairs

6-5

IEEE 802.1x Host Mode

6-6