Allied Telesis AT-S63 User Manual

Page 832

Chapter 36: TACACS+ and RADIUS Protocols

Section VIII: Management Security

• You need to configure the TACACS+ or RADIUS software on the
authentication server. This involves the following:

– Specifying the username and password combinations.

The maximum length for a username is 38
alphanumeric characters and spaces, and the
maximum length for a password is 16 alphanumeric
characters and spaces.

– Assigning each combination an authorization level.

How this is achieved differs depending on the server
software you are using. TACACS+ controls this
through the sixteen (0 to 15) different levels of the
Privilege attribute. A privilege level of “0” gives the
combination Operator status. Any value from 1 to 15
gives the combination Manager status.

For RADIUS, management level is controlled by the Service Type
attribute. This attribute has 11 different values; only two apply to the
AT-S63 management software. A value of Administrative for this
attribute gives the username and password combination Manager
access. A value of NAS Prompt assigns the combination Operator
status.

Note

This manual does not explain how to configure TACACS+ or
RADIUS server software. For that you need to refer to the
documentation that came with the software.

• You must activate the TACACS+ or RADIUS client software on the
switch using the AT-S63 management software and configure its
settings, which include the IP addresses of up to three authentication
servers. The procedure for this step is found in this chapter.

By default, the authentication protocol is disabled in the AT-S63
management software. After you activate it, you need to provide the
following information:

• Which authentication protocol you want to use. Only one
authentication protocol can be active on a switch at a time.

• IP addresses of up to three authentication servers.

• The encryption key used by the authentication servers.

You can specify up to three RADIUS or TACACS+ servers. Specifying
multiple servers adds redundancy to your network. For example, removing
an authentication server from the network for maintenance does not
prevent network managers from logging into switches if there are one or
two other authentication servers on the network.
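The rules this chapter states (TACACS+ Privilege level 0 versus 1 to 15, RADIUS Service Type Administrative versus NAS Prompt, the username and password limits, and redundancy across up to three servers) modelled in Python as an added example; this is not Allied Telesis code, and the function names, the constructed server stand-ins, and the choice to treat any attribute value the manual does not list as "no access" are assumptions.

```python
from typing import Optional

MAX_USERNAME_LEN, MAX_PASSWORD_LEN, MAX_SERVERS = 38, 16, 3
OPERATOR, MANAGER = "Operator", "Manager"

def credentials_within_limits(username: str, password: str) -> bool:
    """Length and character limits the manual gives for server-side entries."""
    def ok(value: str, limit: int) -> bool:
        return 0 < len(value) <= limit and all(c.isalnum() or c == " " for c in value)
    return ok(username, MAX_USERNAME_LEN) and ok(password, MAX_PASSWORD_LEN)

def level_from_tacacs(priv_lvl: int) -> Optional[str]:
    """TACACS+ Privilege attribute: 0 gives Operator, 1 to 15 give Manager."""
    if priv_lvl == 0:
        return OPERATOR
    if 1 <= priv_lvl <= 15:
        return MANAGER
    return None  # outside the sixteen defined levels: no access (assumption)

def level_from_radius(service_type: str) -> Optional[str]:
    """RADIUS Service Type: only Administrative and NAS Prompt apply to AT-S63;
    any other value grants no management access (assumption)."""
    return {"Administrative": MANAGER, "NAS Prompt": OPERATOR}.get(service_type)

def login(protocol: str, servers: list, username: str, password: str) -> Optional[str]:
    """Query the configured servers in order; the first one that answers decides.
    A server is a callable returning the authorization attribute for a valid pair,
    None when the pair is rejected, and raising OSError when it is unreachable."""
    if protocol not in ("TACACS+", "RADIUS"):
        raise ValueError("only TACACS+ or RADIUS can be active, and only one at a time")
    if len(servers) > MAX_SERVERS:
        raise ValueError("the switch accepts at most three authentication servers")
    for server in servers:
        try:
            attribute = server(username, password)
        except OSError:
            continue  # this server is down (e.g. out for maintenance): try the next
        if attribute is None:
            return None  # the server answered and rejected the credentials
        return level_from_tacacs(attribute) if protocol == "TACACS+" else level_from_radius(attribute)
    return None  # no server reachable: the login cannot be authenticated

# Constructed stand-ins for the demonstration (not real servers).
def tacacs_server(username: str, password: str) -> Optional[int]:
    return {("admin", "s3cret"): 15, ("ops", "watch"): 0}.get((username, password))

def radius_server(username: str, password: str) -> Optional[str]:
    return {("admin", "s3cret"): "Administrative", ("ops", "watch"): "NAS Prompt"}.get((username, password))

def offline_server(username: str, password: str) -> None:
    raise OSError("constructed: server offline for maintenance")
```

With one server offline, the login still succeeds through the next configured server, which is the redundancy the paragraph above describes.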