Allied Telesis AT-S63 User Manual

Page 836


Chapter 36: TACACS+ and RADIUS Protocols


Section IX: Management Security

depending on the server software. TACACS+ controls this through
the sixteen (0 to 15) different levels of the Privilege attribute. A
privilege level of “0” gives the combination Operator status. Any
value from 1 to 15 gives the combination Manager status.

For RADIUS, management level is controlled by the Service Type
attribute. This attribute has 11 different values; only two apply to
the AT-S63 management software. A value of Administrative for
this attribute gives the username and password combination
Manager access. A value of NAS Prompt assigns the combination
Operator status.

Note

This manual does not explain how to configure a TACACS+ or
RADIUS server. For instructions, refer to the documentation
included with the server software.

Here are the guidelines to follow when configuring the server for
supplicant accounts for 802.1x port-based access control:

– 802.1x is only supported with a RADIUS server.

– To create an account for a supplicant connected to an authenticator port set to the 802.1x authentication mode, enter a username and password combination. The maximum length for a username is 38 alphanumeric characters and spaces, and the maximum length for a password is 16 alphanumeric characters and spaces.

– To create an account for a supplicant connected to an authenticator port set to the MAC address-based authentication mode, enter the MAC address of the node used by the supplicant as both its username and password. When entering the MAC address, do not use spaces or colons (:).

– If you are associating VLANs with supplicant accounts, refer to “Supplicant VLAN Attributes on the RADIUS Server” on page 735 for further information.

3. Configure the TACACS+ or RADIUS client on the switch by entering the IP addresses of up to three authentication servers. For instructions, refer to “Configuring the TACACS+ Client” on page 840 or “Configuring the RADIUS Client” on page 843.

4. Activate the TACACS+ or RADIUS client on the switch. For instructions, refer to “Enabling or Disabling Server-based Management Authentication” on page 838.
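
The account rules above (privilege level and Service Type mapping, the 802.1x length limits, and the MAC address format) can be checked before accounts are entered on the server. The following Python sketch is an added example, not part of the AT-S63 manual or software; the function names are hypothetical, the Service-Type numbers 6 and 7 are the RFC 2865 codes for Administrative and NAS Prompt, and the 12-hex-digit MAC check and ASCII-only reading of "alphanumeric" are assumptions.

```python
import re

# RFC 2865 Service-Type values the page says apply to AT-S63 management logins.
RADIUS_SERVICE_TYPE = {6: "Manager",   # Administrative
                       7: "Operator"}  # NAS Prompt

# Assumption: "alphanumeric" means ASCII letters and digits.
ALNUM_SPACE = re.compile(r"[A-Za-z0-9 ]+")


def tacacs_level(privilege):
    """Privilege 0 -> Operator, 1..15 -> Manager, anything else is invalid."""
    if not 0 <= privilege <= 15:
        raise ValueError("TACACS+ privilege must be 0 to 15")
    return "Operator" if privilege == 0 else "Manager"


def radius_level(service_type):
    """Return the management level, or None for the values that do not apply."""
    return RADIUS_SERVICE_TYPE.get(service_type)


def mac_credentials(mac):
    """Build the (username, password) pair for MAC address-based authentication."""
    value = mac.replace(":", "").replace(" ", "")
    # Assumption: a MAC is 12 hex digits; letter case is kept as typed because
    # the page does not say which case the switch sends.
    if not re.fullmatch(r"[0-9A-Fa-f]{12}", value):
        raise ValueError(f"not a MAC address: {mac!r}")
    return value, value


def check_dot1x_account(username, password):
    """List the page's length and character limits that an account violates."""
    problems = []
    for label, text, limit in (("username", username, 38), ("password", password, 16)):
        if len(text) > limit:
            problems.append(f"{label} longer than {limit} characters")
        if not ALNUM_SPACE.fullmatch(text):
            problems.append(f"{label} has characters other than letters, digits, spaces")
    return problems


if __name__ == "__main__":
    # Constructed sample accounts, not taken from the manual.
    print(tacacs_level(0), tacacs_level(15), radius_level(6), radius_level(2))
    print(mac_credentials("02:00:5e:10:00:01"))
    print(check_dot1x_account("lab port 7", "a-password-that-is-too-long"))
```
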
