Configuring local/remote logon authentication, Configuring local/remote logon authentication -3 – SMC Networks SMC TigerAccess SMC7824M/FSW User Manual
Page 141
C
ONFIGURING
L
OCAL
/R
EMOTE
L
OGON
A
UTHENTICATION
6-3
CLI – Assign a user name to access-level 15 (i.e., administrator), then
specify the password.
Configuring Local/Remote Logon
Authentication
Use the Authentication
Settings menu to restrict
management access
based on specified user
names and passwords.
You can manually
configure access rights
on the switch, or you can
use a remote access
authentication server based on RADIUS or TACACS+ protocols.
Remote Authentication Dial-in User Service (RADIUS) and Terminal
Access Controller Access Control System Plus (TACACS+) are logon
authentication protocols that use software running on a central server to
control access to RADIUS-aware or TACACS- aware devices on the
network. An authentication server contains a database of multiple user
name/password pairs with associated privilege levels for each user that
requires management access to the switch.
RADIUS uses UDP while TACACS+ uses TCP. UDP only offers best
effort delivery, while TCP offers a connection-oriented transport. Also,
note that RADIUS encrypts only the password in the access-request
packet from the client to the server, while TACACS+ encrypts the entire
body of the packet.
Console(config)#username bob access-level 15
Console(config)#username bob password 0 smith
Console(config)#
Web
Telnet
RADIUS/
TACACS+
server
console
1. Client attempts management access.
2. Switch contacts authentication server.
3. Authentication server challenges client.
4. Client responds with proper password or key.
5. Authentication server approves access.
6. Switch grants management access.