Security
Management Access Authentication
•
Interface—Enter the interface number.
•
Applies to Source IP Address—Select the type of source IP address to which the access profile
applies. The Source IP Address field is valid for a subnetwork. Select one of the following values:
-
All—Applies to all types of IP addresses.
-
User Defined—Applies to only those types of IP addresses defined in the fields.
•
IP Version—Select the supported IP version of the source address: IPv6 or IPv4.
•
IP Address—Enter the source IP address.
•
Mask—Select the format for the subnet mask for the source IP address, and enter a value in one of the
field:
-
Network Mask—Select the subnet to which the source IP address belongs and enter the subnet
mask in dotted decimal format.
-
Prefix Length—Select the Prefix Length and enter the number of bits that comprise the source IP
address prefix.
STEP 5
Management Access Authentication
You can assign authentication methods to the various management access methods, such as SSH, console,
HTTP, and HTTPS. The authentication can be performed locally or on a RADIUS server.
If authorization is enabled, both the identity and read/write privileges of the user are verified. If authorization
is not enabled, only the identity of the user is verified.
The authorization/authentication method used is determined by the order that the authentication methods
are selected. If the first authentication method is not available, the next selected method is used. For
example, if the selected authentication methods are RADIUS and Local, and all configured RADIUS servers
are queried in priority order and do not reply, the user is authorized/authenticated locally.
If authorization is enabled, and an authentication method fails or the user has insufficient privilege level, the
user is denied access to the device. In other words, if authentication fails for an authentication method, the
device stops the authentication attempt; it does not continue and does not attempt to use the next
authentication method.
Similarly, if authorization is not enabled, and authentication fails for a method, the device stops the
authentication attempt.
Cisco Small Business 200 Series Smart Switch Administration Guide
Click Apply, and the rule is added to the access profile.
19
254