Overview – Allied Telesis AT-S63 User Manual

Page 431

AT-S63 Management Software Features Guide

Section IX: Management Security

Overview

TACACS+ and RADIUS are authentication protocols that can enhance the
security of your network. In general terms, these authentication protocols
transfer the task of authenticating network access from a network device
to an authentication protocol server.

The AT-S63 software comes with TACACS+ and RADIUS client software.
You can use the client software to add two security features to the switch.
The first feature, described in this chapter, creates new manager accounts
for controlling who can log onto a switch to change its parameter settings.
The second feature is 802.1x Port-based Access Control, explained in
Chapter 32, “802.1x Port-based Network Access Control” on page 361,
which controls access to the ports on the switch by the end users and end
nodes.

This chapter explains the manager accounts feature. The AT-S63
Management Software has two standard manager login accounts:
manager and operator. The manager account lets you change a switch’s
parameter settings while the operator account lets you view the settings,
but not change them. Each account has its own password. The manager
account has a default password of “friend” and the operator account has a
default password of “operator.”

For those networks managed by just one or two network managers, you
might not need any additional accounts. However, for larger networks that
are managed by several network managers, you might want to give the
managers their own management login accounts on the switches rather
than have them share accounts.

This is where TACACS+ and RADIUS can be useful. TACACS+ is an
acronym for Terminal Access Controller Access Control System. RADIUS
is an acronym for Remote Authentication Dial In User Services. These are
authentication protocols. You can use these protocols to transfer the task of
validating management access from the AT-9400 Switch to an
authentication protocol server, and so be able to create your own manager
accounts.

With these protocols you can create a series of username and password
combinations that define who can manage the AT-9400 Switch.

There are three basic functions an authentication protocol provides:

- Authentication
- Authorization
- Accounting
