Overview, Remote manager accounts – Allied Telesis AT-9000 Series User Manual

Chapter 16: Setting RADIUS and TACACS+ Clients
Overview
The switch has RADIUS and TACACS+ clients for remote authentication.
Here are the features that use remote authentication:
- 802.1x port-based network access control. This feature lets you
  increase network security by requiring that network users log on with a
  username and password before the switch will forward their packets.
  This feature is described in Chapter 17, “Setting 802.1x Port-based
  Network Access” on page 185.
- Remote manager accounts. This feature lets you add manager
  accounts to the switch by transferring the task of authenticating
  the accounts from the switch to an authentication server on your
  network. This feature is described in “Managing User Accounts” on
  page 44.
The RADIUS client supports both features, but the TACACS+ client
supports only the remote manager accounts feature. Here are the
guidelines:
- Only one client can be active on the switch at a time.
- If you want to use just the remote manager account feature, you can
  use either RADIUS or TACACS+ because both clients support that
  feature.
- If you want to use 802.1x port-based network access control, you have
  to use the RADIUS client because the TACACS+ client does not
  support that feature.
Remote Manager Accounts
The switch comes with one local manager account. The account is
referred to as a local account because the switch authenticates the
username and password when a manager uses the account to log on. If
the username and password are valid, the switch allows the individual to
access its management software. Otherwise, it cancels the login to
prevent unauthorized access.
There are two ways to add more manager accounts. The first way is to
create additional local accounts. For more information about local
accounts, see “Managing User Accounts” on page 44.
The second way to add more accounts is with a RADIUS or TACACS+
authentication server on your network. With either authentication method,
the authentication of the usernames and passwords of the manager
accounts is performed by one or more authentication servers. The switch
forwards the information to the servers when managers log on. The
following steps illustrate the authentication process that occurs between
the switch and an authentication server when a manager logs on: