Versionen im Vergleich

Alte Version 3

changes.mady.by.user LANCOM Redaktion

Gespeichert am

verglichen mit

Neue Version Aktuell

changes.mady.by.user LANCOM Redaktion

Gespeichert am

Schlüssel

  • Diese Zeile wurde hinzugefügt.
  • Diese Zeile wurde entfernt.
  • Formatierung wurde geändert.
Seiteneigenschaften



Description:
This document describes how you configure the access rights on LANCOM devices.


Requirements:


For LANCOM routers, WLCs and access points:

1) Open the configuration for your LANCOM device in LANconfig and switch to the menu item Management
->
Admin
->
Access settings
->
Access rights.
Note:
Info

The button Further administrators gives you the option to configure your LANCOM router with several administrators, each with different access rights and privileges. Instructions are available in

the following

this Knowledge Base document

Image Removed

.

2) Select the interface for which you wish to configure the access rights.
Image Removed
Image Added
3) Set the desired access right for each of the protocols. You can select from:
  • Allowed
  • Denied
  • Read only
  • Only via VPN
When assigning the access rights to a WAN interface, only the access rights "only via VPN" or "not allowed" should be used for all unsafe protocols (HTTP, Telnet, SNMPv1 / v2 and TFTP) for security reasons.
The encrypted services SSH, HTTPS and SNMPv3 can be granted the access rights "allowed" or "read only".
Image Removed
Image Added
4) On
the
the SSH tab, set the access right for the SSH protocol. The SSH protocol allows authentication by password or by using a public key.
Note:
Info

How you can use the free SSH client PuTTY to set up an SSH login to a LANCOM router with public-key authentication is described in

the following

this Knowledge Base document

DokumentlinksymbolImage Removed

.

Image Removed
Image Added
5) A special filter list gives you an additional option
for
for restricting access to the internal functions of a device to specific IP addresses only. In LANconfig, the addresses that are to be permitted access are entered into the Access stations table located under Management
->
Admin.
If you add one or more access stations under "Management
->
Admin
->
Access stations", then only these stations have access to the configuration, even if all of the other protocols are enabled.
Image Removed
Image Added


For LANCOM switches of the GS-23xx series:
1) The
menu
menu Security
->
Auth method lets you set the authentication method for different protocols. You can select from:
  • None: Authentication disabled; it is not possible to login
  • Local: Use the local user database in the switch for authentication
  • RADIUS: Use a remote RADIUS server for authentication
  • TACACS+: Use a remote TACACS+ server for authentication
Image Removed
Image Added