Guidelines, Guidelines 3 – Allied Telesis AT-8100 Series User Manual

AT-8100 Switch Command Line User’s Guide

1483

4. Configure the RADIUS or TACACS+ client on the switch by entering

the IP addresses of up to three authentication servers. For instructions,
refer to “Managing the RADIUS Client” on page 1484 or “Managing the
TACACS+ Client” on page 1488.

5. Enable the TACACS+ or RADIUS client.

6. Activate remote manager authentication on the switch. For

instructions, refer to “Configuring Remote Authentication of Manager
Accounts” on page 1491.

Note

For information on the RADIUS and TACACS+ authentication
protocols, refer to the RFC 2865 and RFC 1492 standards,
respectively.

Guidelines

Here are the guidelines to using the RADIUS and TACACS+ clients:



Only one client can be active on the switch at a time.



The clients can have a maximum of three IP addresses of
authentication servers.



The switch must have a management IP address. For instructions,
refer to Chapter 13, “IPv4 and IPv6 Management Addresses” on
page 299.



The authentication servers on your network must be members of
the same subnet as the management IP address of the switch or
have access to it through routers or other Layer 3 devices.



If the authentication servers are not members of the same subnet
as the management IP address, the switch must have a default
gateway. The default gateway defines the IP address of the first
hop to reaching the remote subnet of the servers. For instructions,
refer to Chapter 13, “IPv4 and IPv6 Management Addresses” on
page 299.



The client polls the servers for authentication information in the
order in which they are listed in the client.



The switch does not support the two earlier versions of the
TACACS+ protocol, TACACS and XTACACS.



The TACACS+ client does not support 802.1x port-based network
access control. You must use the RADIUS client and a RADIUS
server for that feature.