Home > Cisco > Switch > Cisco Sg3008 Manual

Cisco Sg3008 Manual

Add to Favourites
    Download as PDF

    Here you can view all the pages of manual Cisco Sg3008 Manual. The Cisco manuals for Switch are available online for free. You can easily download all the documents as PDF.

    Overview View all the pages Comments

    Page 371

    Page 371 Security Configuring TACACS+ 334 Cisco Small Business 200, 300 and 500 Series Managed Switch Administration Guide (Internal Version) 18 The following information is sent to the TACACS+ server by the device when a user logs in or out: Defaults The following defaults are relevant to this feature: •No default TACACS+ server is defined by default. •If you configure a TACACS+ server, the accounting feature is disabled by default. Interactions With Other Features You cannot enable accounting on both a... 
    Security
Configuring TACACS+
334 Cisco Small Business 200, 300 and 500 Series Managed Switch Administration Guide (Internal Version) 
18
The following information is sent to the TACACS+ server by the device when a 
user logs in or out:
Defaults
The following defaults are relevant to this feature:
•No default TACACS+ server is defined by default. 
•If you configure a TACACS+ server, the accounting feature is disabled by 
default.
Interactions With Other Features
You cannot enable accounting on both a...

    Page 372

    Page 372 Security Configuring TACACS+ Cisco Small Business 200, 300 and 500 Series Managed Switch Administration Guide (Internal Version) 335 18 STEP 3Select TA C A C S + in the Management Access Authentication page, so that when a user logs onto the device, authentication is performed on the TACACS+ server instead of in the local database. NOTEIf more than one TACACS+ server has been configured, the device uses the configured priorities of the available TACACS+ servers to select the TACACS+ server to be... 
    Security
Configuring TACACS+
Cisco Small Business 200, 300 and 500 Series Managed Switch Administration Guide (Internal Version)  335
18
 
STEP  3Select TA C A C S + in the Management Access Authentication page, so that when a 
user logs onto the device, authentication is performed on the TACACS+ server 
instead of in the local database.
NOTEIf more than one TACACS+ server has been configured, the device uses the 
configured priorities of the available TACACS+ servers to select the TACACS+ 
server to be...

    Page 373

    Page 373 Security Configuring TACACS+ 336 Cisco Small Business 200, 300 and 500 Series Managed Switch Administration Guide (Internal Version) 18 •Source IPv4 —(In Layer 3 system mode only) Select the device IPv4 source interface to be used in messages sent for communication with the TA C A C S + s e r v e r. •Source IPv6 —(In Layer 3 system mode only) Select the device IPv6 source interface to be used in messages sent for communication with the TA C A C S + s e r v e r. NOTEIf the Auto option is... 
    Security
Configuring TACACS+
336 Cisco Small Business 200, 300 and 500 Series Managed Switch Administration Guide (Internal Version) 
18
•Source IPv4 —(In Layer 3 system mode only) Select the device IPv4 
source interface to be used in messages sent for communication with the 
TA C A C S +  s e r v e r.  
•Source IPv6 —(In Layer 3 system mode only) Select the device IPv6 
source interface to be used in messages sent for communication with the 
TA C A C S +  s e r v e r.  
NOTEIf the Auto option is...

    Page 374

    Page 374 Security Configuring TACACS+ Cisco Small Business 200, 300 and 500 Series Managed Switch Administration Guide (Internal Version) 337 18 •Priority—Enter the order in which this TACACS+ server is used. Zero is the highest priority TACACS+ server and is the first server used. If it cannot establish a session with the high priority server, the device tries the next highest priority server. •Source IP Address—(For SG500X devices and other devices in Layer 3 system mode). Select to use either the... 
    Security
Configuring TACACS+
Cisco Small Business 200, 300 and 500 Series Managed Switch Administration Guide (Internal Version)  337
18
 
•Priority—Enter the order in which this TACACS+ server is used. Zero is the 
highest priority TACACS+ server and is the first server used. If it cannot 
establish a session with the high priority server, the device tries the next 
highest priority server. 
•Source IP Address—(For SG500X devices and other devices in Layer 3 
system mode). Select to use either the...

    Page 375

    Page 375 Security Configuring RADIUS 338 Cisco Small Business 200, 300 and 500 Series Managed Switch Administration Guide (Internal Version) 18 Configuring RADIUS Remote Authorization Dial-In User Service (RADIUS) servers provide a centralized 802.1X or MAC-based network access control. The device is a RADIUS client that can use a RADIUS server to provide centralized security. An organization can establish a Remote Authorization Dial-In User Service (RADIUS) server to provide centralized 802.1X or MAC-based... 
    Security
Configuring RADIUS
338 Cisco Small Business 200, 300 and 500 Series Managed Switch Administration Guide (Internal Version) 
18
Configuring RADIUS
Remote Authorization Dial-In User Service (RADIUS) servers provide a centralized 
802.1X or MAC-based network access control. The device is a RADIUS client that 
can use a RADIUS server to provide centralized security. 
An organization can establish a Remote Authorization Dial-In User Service 
(RADIUS) server to provide centralized 802.1X or MAC-based...

    Page 376

    Page 376 Security Configuring RADIUS Cisco Small Business 200, 300 and 500 Series Managed Switch Administration Guide (Internal Version) 339 18 Interactions With Other Features You cannot enable accounting on both a RADIUS and TACACS+ server. Radius Workflow To user a RADIUS server, do the following: STEP 1Open an account for the device on the RADIUS server. STEP 2Configure that server along with the other parameters in the RADIUS and ADD RADIUS Server pages. NOTEIf more than one RADIUS server has been... 
    Security
Configuring RADIUS
Cisco Small Business 200, 300 and 500 Series Managed Switch Administration Guide (Internal Version)  339
18
 
Interactions With Other Features
You cannot enable accounting on both a RADIUS and TACACS+ server.
Radius Workflow
To user a RADIUS server, do the following:
STEP 1Open an account for the device on the RADIUS server.
STEP  2Configure that server along with the other parameters in the RADIUS and ADD 
RADIUS Server pages.
NOTEIf more than one RADIUS server has been...

    Page 377

    Page 377 Security Configuring RADIUS 340 Cisco Small Business 200, 300 and 500 Series Managed Switch Administration Guide (Internal Version) 18 •Dead Time—Enter the number of minutes that elapse before a non- responsive RADIUS server is bypassed for service requests. If the value is 0, the server is not bypassed. •Key String—Enter the default key string used for authenticating and encrypting between the device and the RADIUS server. This key must match the key configured on the RADIUS server. A key string is... 
    Security
Configuring RADIUS
340 Cisco Small Business 200, 300 and 500 Series Managed Switch Administration Guide (Internal Version) 
18
•Dead Time—Enter the number of minutes that elapse before a non-
responsive RADIUS server is bypassed for service requests. If the value is 0, 
the server is not bypassed. 
•Key String—Enter the default key string used for authenticating and 
encrypting between the device and the RADIUS server. This key must match 
the key configured on the RADIUS server. A key string is...

    Page 378

    Page 378 Security Configuring RADIUS Cisco Small Business 200, 300 and 500 Series Managed Switch Administration Guide (Internal Version) 341 18 -Global—The IPv6 address is a global Unicast IPV6 type that is visible and reachable from other networks. •Link Local Interface—Select the link local interface (if IPv6 Address Type Link Local is selected) from the list. •Server IP Address/Name—Enter the RADIUS server by IP address or name. •Priority—Enter the priority of the server. The priority determines the... 
    Security
Configuring RADIUS
Cisco Small Business 200, 300 and 500 Series Managed Switch Administration Guide (Internal Version)  341
18
 
-Global—The IPv6 address is a global Unicast IPV6 type that is visible and 
reachable from other networks.
•Link Local Interface—Select the link local interface (if IPv6 Address Type 
Link Local is selected) from the list. 
•Server IP Address/Name—Enter the RADIUS server by IP address or 
name.
•Priority—Enter the priority of the server. The priority determines the...

    Page 379

    Page 379 Security Management Access Method 342 Cisco Small Business 200, 300 and 500 Series Managed Switch Administration Guide (Internal Version) 18 -All—RADIUS server is used for authenticating user that ask to administer the device and for 802.1X authentication. STEP 6To display sensitive data in plaintext form in the configuration file, click Display Sensitive Data As Plaintext. STEP 7Click Apply. The RADIUS server definition is added to the Running Configuration file of the device. Management Access... 
    Security
Management Access Method
342 Cisco Small Business 200, 300 and 500 Series Managed Switch Administration Guide (Internal Version) 
18
-All—RADIUS server is used for authenticating user that ask to administer 
the device and for 802.1X authentication.
STEP  6To display sensitive data in plaintext form in the configuration file, click Display 
Sensitive Data As Plaintext.
STEP  7Click Apply. The RADIUS server definition is added to the Running Configuration 
file of the device.
Management Access...

    Page 380

    Page 380 Security Management Access Method Cisco Small Business 200, 300 and 500 Series Managed Switch Administration Guide (Internal Version) 343 18 •Source IP Address—IP addresses or subnets. Access to management methods might differ among user groups. For example, one user group might be able to access the device module only by using an HTTPS session, while another user group might be able to access the device module by using both HTTPS and Telnet sessions. Active Access Profile The Access Profiles page... 
    Security
Management Access Method
Cisco Small Business 200, 300 and 500 Series Managed Switch Administration Guide (Internal Version)  343
18
 
•Source IP Address—IP addresses or subnets. Access to management 
methods might differ among user groups. For example, one user group 
might be able to access the device module only by using an HTTPS 
session, while another user group might be able to access the device 
module by using both HTTPS and Telnet sessions.
Active Access Profile
The Access Profiles page...
    Start reading Cisco Sg3008 Manual

    Related Manuals for Cisco Sg3008 Manual

    All Cisco manuals