2 configuring local / remote logon authentication – PLANET SGSD-1022 User Manual

User’s Manual of SGSD-1022 / SGSD-1022P

SGSW-2840 / SGSW-2840P

4.11.2 Configuring Local / Remote Logon Authentication

Use the Authentication Settings menu to restrict management access based on specified user names and passwords. You can

manually configure access rights on the Managed Switch, or you can use a remote access authentication server based on

RADIUS or TACACS+ protocols.

Remote Authentication Dial-in User Service (RADIUS) and Terminal Access Controller Access Control System Plus

(TACACS+) are logon authentication protocols that use software running on a central server to control access to

RADIUS-aware or TACACS-aware devices on the network. An authentication server contains a database of multiple user

name/password pairs with associated privilege levels for each user that requires management access to the Managed Switch.

RADIUS uses UDP while TACACS+ uses TCP. UDP only offers best effort delivery, while TCP offers a connection-oriented

transport. Also, note that RADIUS encrypts only the password in the access-request packet from the client to the server, while

TACACS+ encrypts the entire body of the packet.

Command Usage

• By default, management access is always checked against the authentication database stored on the local switch. If a

remote authentication server is used, you must specify the authentication sequence and the corresponding parameters for

the remote authentication protocol. Local and remote logon authentication control management access via the console port,

web browser, or Telnet.

262