Tacacs+ and radius guidelines – Allied Telesis AT-S63 User Manual


AT-S63 Management Software Menus Interface User’s Guide

Section IX: Management Security

switch passes the username and password entered by the manager to the
authentication protocol server. The server checks to see if the username
and password are valid. This is referred to as authentication.

If the combination is valid, the authentication protocol server notifies the
switch and the switch completes the login process, allowing the manager
to manage the switch.

If the username and password are invalid, the authentication protocol
server notifies the switch and the switch cancels the login.

Authorization defines what a manager can do after logging in to a switch.
The AT-9400 Series switch supports two management levels, Manager
and Operator. The Manager level lets you view and configure a switch’s
parameter settings, while the Operator level only lets you view the
settings. You must assign an authorization level to each manager
username and password combination on the authentication server.

The final function of an authentication protocol is keeping track of user
activity on network devices, referred to as accounting. The AT-S63
management software does not support RADIUS or TACACS+ accounting
as part of manager accounts. However, it does support RADIUS
accounting with the 802.1x Port-based Network Access Control feature, as
explained in Chapter 31, “802.1x Port-based Network Access Control” on
page 721.

Note

The AT-S63 management software does not support the two earlier
versions of the TACACS+ protocol, TACACS and XTACACS.

TACACS+ and RADIUS Guidelines

Here are the main steps to using the TACACS+ or RADIUS client on the
switch.

1. Install a TACACS+ or RADIUS server on one or more of your network
servers or management stations. Authentication protocol server
software is not available from Allied Telesyn.

2. Configure the TACACS+ or RADIUS authentication server.

Here are the guidelines to follow when configuring the server for new
manager accounts:

– To create a new manager account, enter the username and
password combination that the network manager will use to log
onto the switch when managing the device. The maximum length
for a username is 38 alphanumeric characters and spaces, and the
maximum length for a password is 16 alphanumeric characters and
spaces.

You must assign each account an authorization level. This differs
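As an added illustration that is not part of the Allied Telesis guide, the following Python script models the two things this page describes: the checks an administrator should apply to a proposed manager account before entering it on the authentication server (the 38-character username limit, the 16-character password limit, alphanumeric characters and spaces only, and one of the two authorization levels), and the authentication exchange in which the switch hands the credentials to the server and either completes or cancels the login. The `AuthServer` class, its salted-hash storage, the function names and the sample accounts are assumptions for the example; a real TACACS+ or RADIUS server is configured through its own interface, and how it conveys the Manager or Operator level to the switch is not covered on this page.

```python
import hashlib
import hmac
import os
import re
from typing import Optional

# Limits for manager accounts as stated in the AT-S63 guide
USERNAME_MAX = 38
PASSWORD_MAX = 16
# Authorization levels supported by the AT-9400 Series switch
LEVELS = {"Manager": {"view", "configure"}, "Operator": {"view"}}
_ALLOWED = re.compile(r"^[A-Za-z0-9 ]+$")  # alphanumeric characters and spaces
_ITERATIONS = 100_000

def check_account(username: str, password: str, level: str) -> list:
    """Return the list of guideline violations for a proposed account (empty if OK)."""
    problems = []
    if not username or len(username) > USERNAME_MAX or not _ALLOWED.match(username):
        problems.append("username must be 1-38 alphanumeric characters or spaces")
    if not password or len(password) > PASSWORD_MAX or not _ALLOWED.match(password):
        problems.append("password must be 1-16 alphanumeric characters or spaces")
    if level not in LEVELS:
        problems.append("authorization level must be Manager or Operator")
    return problems

class AuthServer:
    """Hypothetical stand-in for the TACACS+/RADIUS server (assumption, not a real product)."""
    def __init__(self):
        self._accounts = {}
        self._dummy = (os.urandom(16), bytes(32), None)  # used so unknown users cost the same time

    def add_account(self, username: str, password: str, level: str) -> None:
        problems = check_account(username, password, level)
        if problems:
            raise ValueError("; ".join(problems))
        salt = os.urandom(16)
        digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, _ITERATIONS)
        self._accounts[username] = (salt, digest, level)  # never store the clear-text password

    def authenticate(self, username: str, password: str) -> Optional[str]:
        """Authentication: return the account's authorization level, or None if invalid."""
        salt, digest, level = self._accounts.get(username, self._dummy)
        candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, _ITERATIONS)
        return level if hmac.compare_digest(candidate, digest) else None

def switch_login(server: AuthServer, username: str, password: str) -> frozenset:
    """Switch side: pass the credentials to the server, then complete or cancel the login."""
    level = server.authenticate(username, password)
    if level is None:
        return frozenset()           # server rejected the combination: login cancelled
    return frozenset(LEVELS[level])  # Manager may view and configure, Operator may only view
```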
