• Author : Wenyi Cheng

 
 

Syslog with TLS support

Description This feature adds TLS support to the existing syslog logging mechanism. With the new added CLI commands, the user can specify an SSL profile when configuring a remote syslog server. Once configured, any traffic between the Arista device and the syslog server will be sent over TLS connections. By using TLS connections, syslog is better protected against attacks and information leakage. Platform compatibility This feature is compatible on all platforms. Configuration CLI command A remote syslog server can be configured with an SSL profile using the following CLI command: switch(config)#logging host test.example.com 1234 protocol tls ssl-profile test-profile In this...
Continue reading →

TACACS+ RBAC Support

Role-based access control (RBAC) is an approach to regulating access to network resources based on the roles of individual users. Each user has one or more roles. Each role has its own rules which indicate the allowed and denied commands under specified mode. Commands authorization of a user is performed based on these rules. TACACS+ RBAC allows users to configure roles on TACACS servers and rules on switches, which is a much more scalable solution than local RBAC. Roles can be set and modified on the server side once and applied to all switches who connect to the server, instead...
Continue reading →

Usage of RADIUS VSAs in Role-Based Access Control

Role-based access control (RBAC) is an approach to regulating access to network resources based on the roles of individual users. Each user has one or more roles. Each role has its own rules which indicate the allowed and denied commands under specified mode. Commands authorization of a user is performed based on these rules. RADIUS RBAC allows users to configure roles and rules by using Vender-Specific Attributes (VSAs) on the RADIUS server side, which is a much more scalable solution than local RBAC. Configurations can be set and modified on the server side once and applied to all switches who...
Continue reading →

Follow

Get every new post on this blog delivered to your Inbox.

Join other followers: