Chapter 2. IBM System Networking Switch 10Gb Ethernet switch features 91
User access control
The IBM System Networking switch allows an administrator to define user accounts that permit
users to perform operational tasks through switch CLI commands. After user accounts are
configured and enabled, the switch requires user name and password authentication.
For example, an administrator can assign a user, who can then log on to the switch and
perform operational commands (effective only until the next switch reboot).
Considerations for configuring user accounts
Consider the following items when configuring user accounts:
• A maximum of 10 user IDs are supported on the switch.
• The IBM System Networking switch supports user accounts for Console, Telnet, BBI, and
SSHv1/v2 access to the switch.
• If RADIUS authentication is used, the user password on the RADIUS server overrides the
user password on the switch. The password change command modifies only the user
password on the switch and has no effect on the user password on the RADIUS
server. RADIUS authentication and the switch user password cannot be used concurrently to access
the switch.
• Passwords can be up to 128 characters in length for TACACS, RADIUS, Telnet, SSH,
Console, and web access.
Protected Mode
Protected Mode settings (available only for Virtual Fabric 10Gb Switch Module for IBM
BladeCenter) allow the switch administrator to block the management module from making
configuration changes that affect switch operation. The switch retains control over
those functions.
The following management module functions are disabled when Protected Mode is turned on:
• External Ports: Enabled/Disabled
• External management over all ports: Enabled/Disabled
• Restore Factory Defaults
• New Static IP Configuration
In IBM Networking OS V6.5, the configuration of these functions is restricted to the local
switch when you turn Protected Mode on. With new releases, the number of functions over
which you have individual control is increasing.
Protected mode: Before you turn Protected Mode on, make sure that external
management (Telnet) access to one of the switch's IP interfaces is enabled.
2.8.3 Authentication and authorization protocols
In this section, we provide information about the two most common authentication and
authorization protocols (RADIUS and TACACS+) and support for those protocols on IBM
System Networking switches.
