LevelOne GTL-2691 User Manual
Page 313
C
HAPTER
13
| Security Measures
AAA Authorization and Accounting
– 313 –
CLI R
EFERENCES
◆
◆
◆
C
OMMAND
U
SAGE
◆
If a remote authentication server is used, you must specify the
message exchange parameters for the remote authentication protocol.
Both local and remote logon authentication control management access
via the console port, web browser, or Telnet.
◆
RADIUS and TACACS+ logon authentication assign a specific privilege
level for each user name/password pair. The user name, password, and
privilege level must be configured on the authentication server. The
encryption methods used for the authentication process must also be
configured or negotiated between the authentication server and logon
client. This switch can pass authentication messages between the
server and client that have been encrypted using MD5 (Message-Digest
5), TLS (Transport Layer Security), or TTLS (Tunneled Transport Layer
Security).
P
ARAMETERS
These parameters are displayed:
Configure Server
◆
RADIUS
■
Global – Provides globally applicable RADIUS settings.
■
Server Index – Specifies one of five RADIUS servers that may be
configured. The switch attempts authentication using the listed
sequence of servers. The process ends when a server either
approves or denies access to a user.
■
Server IP Address – Address of authentication server.
(A Server Index entry must be selected to display this item.)
■
Accounting Server UDP Port – Network (UDP) port on
authentication server used for accounting messages.
(Range: 1-65535; Default: 1813)
■
Authentication Server UDP Port – Network (UDP) port on
authentication server used for authentication messages.
(Range: 1-65535; Default: 1812)
■
Authentication Timeout – The number of seconds the switch
waits for a reply from the RADIUS server before it resends the
request. (Range: 1-65535; Default: 5)
■
Authentication Retries – Number of times the switch tries to
authenticate logon access via the authentication server.
(Range: 1-30; Default: 2)