Allied Telesis AT-S63 User Manual

Page 837


AT-S63 Management Software Menus Interface User’s Guide

Section IX: Management Security


The local subnet of the switch to which the TACACS+ or RADIUS server
belongs must have a routing interface. The switch uses the IP address
of the routing interface as its source address when communicating with the
server. For background information on routing interfaces, refer to the latest
version of the AT-S63 Management Software Command Line Interface
User’s Guide. To configure routing interfaces using the menus interface,
refer to Chapter 29, “Internet Protocol Version 4 Routing Interfaces” on
page 695 in this guide.

Note

Prior to version 2.0.0 of the AT-S63 management software, a
TACACS+ or RADIUS server had to be a member of the switch’s
management VLAN. This restriction no longer applies. The server
can be located on any local subnet of the switch, provided the
subnet has a routing interface.

By default, the authentication protocol is disabled in the AT-S63 management
software. Before activating it, you need to do the following:

• Select either TACACS+ or RADIUS as the active authentication
  protocol. Only one authentication protocol can be active on a switch at
  a time.

• Specify the IP addresses of up to three authentication servers.

• Specify the encryption keys used by the authentication servers.

You can specify up to three RADIUS or TACACS+ servers. Specifying
multiple servers adds redundancy to your network. For example, removing
an authentication server from the network for maintenance does not
prevent network managers from logging into switches if there are one or
two other authentication servers on the network.

When a switch receives a username and password combination from a
network manager, it sends the combination to the first authentication
server in its list. If the server fails to respond, the switch sends the
combination to the next server in the list, and so on.

Note

If no authentication server responds or if no servers have been
defined, the AT-S63 management software defaults to the standard
manager and operator accounts.
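
The following added example, which is not part of the original guide and is not AT-S63 code, models the login path described above: servers are tried in list order, and the standard manager and operator accounts decide only when no server responds or none is defined. The function names, sample credentials and the rule that a rejection from a responding server is final are assumptions made for the illustration.

```python
# Added illustration: models the server failover described in the text.
# It is not AT-S63 code; names and sample credentials are constructed.
MAX_SERVERS = 3  # the guide allows up to three authentication servers


def make_server(users, reachable=True):
    """Build a constructed stand-in for a TACACS+ or RADIUS server."""
    def check(username, password):
        if not reachable:
            raise TimeoutError("no response from server")
        return users.get(username) == password
    return check


def login(username, password, servers, local_accounts):
    """Return (accepted, decided_by) for one login attempt."""
    if len(servers) > MAX_SERVERS:
        raise ValueError("at most three authentication servers")
    for position, server in enumerate(servers, start=1):
        try:
            accepted = server(username, password)
        except TimeoutError:
            continue  # server failed to respond: try the next one in the list
        # Assumption: an answer from a reachable server is final, so a
        # rejection does not fall through to later servers or local accounts.
        return accepted, f"server {position}"
    # No server responded, or none defined: standard local accounts decide.
    return local_accounts.get(username) == password, "local accounts"


# Constructed sample data.
DIRECTORY = {"alice": "s3rver-pass"}
LOCAL = {"manager": "local-mgr-pass", "operator": "local-op-pass"}
UP = make_server(DIRECTORY)
DOWN = make_server(DIRECTORY, reachable=False)

if __name__ == "__main__":
    print(login("alice", "s3rver-pass", [DOWN, UP], LOCAL))
    print(login("manager", "local-mgr-pass", [UP], LOCAL))
    print(login("manager", "local-mgr-pass", [DOWN, DOWN, DOWN], LOCAL))
```

In this model the manager and operator passwords are accepted again as soon as every listed server is unreachable, so those accounts remain part of the switch's login path even with an authentication protocol active.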

Note

For more information on TACACS+, refer to the RFC 1492 standard.
For more information on RADIUS, refer to the RFC 2865 standard.
