Authentication Profile Mapping on SFE/SGE Managed Switches

Objective

Authentication Profile controls how the clients are authenticated on a device. User authentication can be performed locally or with an external server. After the definition of the authenticated profile, they need to be mapped to the management access methods. HTTP is used to transmit and receive information across the Internet; whereas Secure HTTP is used to exchange confidential information with a server, which needs to be secure in order to prevent unauthorized access.

This article explains how to configure authentication profile mapping on SFE/SGE managed switches.

Applicable Devices

• SFE/SGE Series Switches

Software Version

• v3.0.2.0

Authentication Profile Map

Step 1. Log in to the web configuration utility and choose Security > Authentication > Mapping Profiles. The Mapping Profiles page opens:

Step 2. Choose the console user to be authenticated by the use of the authentication profile from the Console drop-down list. Console is a graphical user interface (GUI) which is used to change the switch configuration and monitor network conditions and statistics. It is an embedded HTML code burned in the flash memory.

Step 3. Choose the telnet user to be authenticated from the Telnet drop-down list. Telnet is a protocol that allows you to connect to remote computers (hosts) over a TCP/IP network (such as the Internet).

Step 4. Choose the secure telnet user to be authenticated from the Secure Telnet (SSH) drop-down list. SSH (Secure Shell) provides an encrypted channel to log into another computer over a network and execute commands on a remote computer. This allows for file transfers from one computer to another.

Secure HTTP

The Secure HTTP area is used to configure the secure HTTP settings of the device.

The Optional Methods section has a list of available authentication methods which can be selected for authentication.

• Local — The authentication is done by the device, where it checks the username and password for authentication.

• RADIUS — The authentication is done by the Remote Authorization Dial-In User Service (RADIUS) servers which provide additional security for the networks.

• TACACS+ — The authentication is done by the Terminal Access Controller Access Control System (TACACS+) which provide centralized security user access validation.

• None — There is no authentication method for the device.

The Selected Methods area has a list of authentication methods that has been selected for authentication.

Step 5. Choose the authentication methods you wish to apply from the Optional Methods section and click the >> button. 

Step 6. (Optional) To remove the authentication methods from the selected methods, click the << button.

Note: If you do not want to configure HTTP methods, skip to Step 9.

HTTP

The HTTP area is used to configure the HTTP settings of the device.

The Optional Methods area has a list of available authentication methods which can be selected for authentication.

• Local — The authentication is done by the device, where it checks the username and password for authentication.

• RADIUS — The authentication is done by the Remote Authorization Dial-In User Service (RADIUS) servers which provide additional security for the networks.

• TACACS+ — The authentication is done by the Terminal Access Controller Access Control System (TACACS+) which provide centralized security user access validation.

• None — There is no authentication method for the device.

The Selected Methods area has a list of authentication methods that has been selected for authentication.

Step 7. Choose the authentication methods you wish to apply from the Optional Methods section and click the >> button.

Step 8. (Optional) To remove the authentication methods from the selected methods click the << button.

Step 9. To confirm these settings click Apply.

Caution: This only saves your configuration to the running configuration file. This means that any changes made will be lost if the device is rebooted. If you wish to save these changes even after a system reboot, you need to copy the running configuration file to the startup configuration file. See Copy Configuration File on SFE/SGE Series Managed Switches for more information about how to do this.