Header Only - DO NOT REMOVE - Extreme Networks

Switch access with domain credentials.


Userlevel 1
Guys,
I am new to the Extreme line of switches and looking for direction. I have been hired as the network admin for a school system and have found that all of the switches (156) are configured with weak admin passwords and no session logging. I want to be able to get these switches setup for access using domain credentials and session logging per user for monitoring "who changed what and when". All of our switches are C3G124 running firmware of 06.61.14.0006. Thanks for any guidance.

5 replies

Userlevel 3
Hello Thomas,

with RADIUS login this is possible. Take al look at https://community.extremenetworks.com/extreme/topics/radius_authenticate_just_management_or_network_...

Kind regrads
Christoph
Userlevel 4
"who changed what and when"

I am not sure you can log changes on a C3. You can log set commands on N and S series.
Curtis Parish wrote:

"who changed what and when"

I am not sure you can log changes on a C3. You can log set commands on N and S series.

TACACS+ can log (and authorize) on a per-command basis, and I believe the C3 supports this feature (not that I've ever used it).
Userlevel 4
Curtis Parish wrote:

"who changed what and when"

I am not sure you can log changes on a C3. You can log set commands on N and S series.

I do not know about TACACS+ but you can set the CLI application syslog level to 8
on S and N chassis and the set commands will be sent to syslog.
Userlevel 1
I forgot to come back to update the post. I decided to use RADIUS for access authentication and it is working great. I am however looking into utilizing TACACS+ for accounting. Is it possible to utilize only the accounting feature provided by TACACS+ and utilize RADIUS for authentication or do I need to use TACACS for all?

Reply