Allied Telesis AT-S63 User Manual

Page 764

Chapter 34: TACACS+ and RADIUS Protocols

Section VII: Management Security

Note

This manual does not explain how to configure TACACS+ or
RADIUS server software. For that you need to refer to the
documentation that came with the software.

- You must activate the TACACS+ or RADIUS client software on the
  switch using the AT-S63 management software and configure the
  settings, which include the IP addresses of up to three authentication
  servers. The procedure for this step is found in this chapter.

By default, the authentication protocol is disabled in the AT-S63
management software. After you activate it, you need to provide the
following information:

- Which authentication protocol you want to use. Only one
  authentication protocol can be active on a switch at a time.

- IP addresses of up to three authentication servers.

- The encryption key used by the authentication servers.

You can specify up to three RADIUS or TACACS+ servers. Specifying
multiple servers adds redundancy to your network. For example, removing
an authentication server from the network for maintenance does not
prevent network managers from logging into switches if there are one or
two other authentication servers on the network.

When a switch receives a username and password combination from a
network manager, it sends the combination to the first authentication
server in its list. If the server fails to respond, the switch sends the
combination to the next server in the list, and so on.

If no authentication server responds or if no servers have been defined
and you are managing the switch locally, the AT-S63 management
software defaults to the standard manager and operator accounts.
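
The server-list behavior described above, modeled as an added Python example (not code from this manual or from Allied Telesis). The names authenticate, make_query and Reply are hypothetical. Two assumptions are built in: any answer from a server, accept or reject, ends the attempt, and the fallback to the manager and operator accounts applies only to a local management session.

```python
import hmac
from enum import Enum

class Reply(Enum):
    ACCEPT = 1
    REJECT = 2
    NO_RESPONSE = 3          # timeout or unreachable server

MAX_SERVERS = 3              # the switch holds up to three server addresses

def authenticate(user, password, servers, query, local_accounts, local_session):
    """Return (granted, decided_by) for one login attempt."""
    if len(servers) > MAX_SERVERS:
        raise ValueError("at most three authentication servers")
    for address in servers:                      # tried in list order
        reply = query(address, user, password)
        if reply is Reply.NO_RESPONSE:
            continue                             # only silence fails over
        # Assumption: an answer, accept or reject, ends the attempt.
        return reply is Reply.ACCEPT, address
    # No server answered, or none are defined.
    if not local_session:                        # assumption, see lead-in
        return False, "none"
    stored = local_accounts.get(user)
    ok = stored is not None and hmac.compare_digest(
        stored.encode(), password.encode())
    return ok, "local"

def make_query(reachable, directory):
    """Constructed stand-in for the RADIUS or TACACS+ exchange."""
    def query(address, user, password):
        if address not in reachable:
            return Reply.NO_RESPONSE
        return Reply.ACCEPT if directory.get(user) == password else Reply.REJECT
    return query

# Constructed sample data: documentation addresses, made-up credentials.
SERVERS = ["192.0.2.10", "192.0.2.11", "192.0.2.12"]
DIRECTORY = {"alice": "s3rver-pw"}
LOCAL = {"manager": "local-manager-pw", "operator": "local-operator-pw"}

if __name__ == "__main__":
    second_up = make_query({"192.0.2.11"}, DIRECTORY)
    all_down = make_query(set(), DIRECTORY)
    print(authenticate("alice", "s3rver-pw", SERVERS, second_up, LOCAL, False))
    print(authenticate("manager", "local-manager-pw", SERVERS, all_down, LOCAL, True))
```

In this model the local manager and operator passwords remain a working login path whenever every server is silent, so they need the same care as the server-side credentials.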

Note

For more information on TACACS+, refer to the RFC 1492 standard.
For more information on RADIUS, refer to the RFC 2865 standard.