Switch access with domain credentials.

  • Question
  • Updated 3 years ago
  • Answered
Guys,
I am new to the Extreme line of switches and looking for direction. I have been hired as the network admin for a school system and have found that all of the switches (156) are configured with weak admin passwords and no session logging. I want to be able to get these switches set up for access using domain credentials and session logging per user for monitoring "who changed what and when". All of our switches are C3G124 running firmware of 06.61.14.0006. Thanks for any guidance.

Thomas Maddox

Posted 3 years ago

Christoph

Hello Thomas,

With RADIUS login this is possible. Take a look at https://community.extremenetworks.com/extreme/topics/radius_authenticate_just_management_or_network_...

Kind regards
Christoph

Curtis Parish

"who changed what and when"

I am not sure you can log changes on a C3.  You can log set commands on N and S series.   

James A, Embassador

TACACS+ can log (and authorize) on a per-command basis, and I believe the C3 supports this feature (not that I've ever used it).

Curtis Parish

I do not know about TACACS+, but you can set the CLI application syslog level to 8 on S and N chassis and the set commands will be sent to syslog.

Thomas Maddox

I forgot to come back to update the post. I decided to use RADIUS for access authentication and it is working great. I am, however, looking into utilizing TACACS+ for accounting. Is it possible to utilize only the accounting feature provided by TACACS+ and utilize RADIUS for authentication, or do I need to use TACACS for all?