Allied Telesis AT-8100 Series User Manual

AT-8100 Switch Command Line User’s Guide

1491

Configuring Remote Authentication of Manager Accounts

Check that you performed the following steps before activating remote
authentication of manager accounts on the switch:



Added at least one RADIUS or TACACS+ server to your network.



Added the manager accounts to the authentication servers.



Assigned a management IP address to the switch.



Added the IP addresses of the authentication servers to the
RADIUS or TACACS+ client on the switch.

To activate the feature, use the AAA AUTHENTICATION LOGIN
commands in the Global Configuration mode. The commands for the two
clients are different. If you are using RADIUS, enter:

awplus> enable
awplus# configure terminal
awplus(config)# aaa authentication login radius

If you are using TACACS+, enter:

awplus> enable
awplus# configure terminal
awplus(config)# aaa authentication login tacacs

After you activate the feature, all future login attempts by managers are
forwarded by the switch to the designated authentication servers for
authentication.

To deactivate the feature, use the NO versions of the commands. The
following example deactivates the feature if it is using RADIUS:

awplus> enable
awplus# configure terminal
awplus(config)# no aaa authentication login radius

The following example deactivates the feature if it is using TACACS+:

awplus> enable
awplus# configure terminal
awplus(config)# no aaa authentication login tacacs

The switch supports both local and remote manager accounts at the same
time for different management methods. You can toggle the remote
manager authenticator on or off for local, Telnet, and SSH management
sessions. For example, you may configure the switch to use its local
manager accounts for local management sessions and remote manager
accounts for Telnet and SSH management sessions. You can even toggle
remote authentication on or off for the ten individual VTY lines the switch