Configuring RADIUS/TACACS Logon Authentication – SMC Networks TigerSwitch 100 User Manual

CLI – Assign a user name to access-level 15 (i.e., administrator), then
specify the password.

Configuring RADIUS/TACACS Logon Authentication

You can configure this switch to authenticate users logging into the system
for management access using local, RADIUS, or TACACS+ authentication
methods.

RADIUS and TACACS+ are logon authentication protocols that use
software running on a central server to control access to RADIUS-aware
or TACACS+-aware devices on the network. An authentication server
contains a database of multiple user name/password pairs with associated
privilege levels for each user that requires management access to a switch.

Like RADIUS, Terminal Access Controller Access Control System Plus
(TACACS+) is a system that uses a central server to control authentication
for access to switches on the network.

RADIUS uses UDP while TACACS+ uses TCP. UDP only offers best-effort
delivery, while TCP offers a connection-oriented transport. Also,
note that RADIUS encrypts only the password in the access-request
packet from the client to the server, while TACACS+ encrypts the entire
body of the packet.

Command Usage

By default, management access is always checked against the
authentication database stored on the local switch. If a remote
authentication server is used, you must specify the authentication
sequence and the corresponding parameters for the remote
authentication protocol.

Console(config)#username bob access-level 15

Console(config)#username bob password 0 smith
Console(config)#