
Guidelines 1, Guidelines – Allied Telesis AT-FS970M Series User Manual

Page 1461


AT-FS970M Switch Command Line User’s Guide


4. Configure the RADIUS or TACACS+ client on the switch by entering
the IP addresses of up to three authentication servers. For instructions,
refer to “Managing the RADIUS Client” on page 1462 or “Managing the
TACACS+ Client” on page 1466.

5. Enable the TACACS+ or RADIUS client.

6. Activate remote manager authentication on the switch. For
instructions, refer to “Configuring Remote Authentication of Manager
Accounts” on page 1469.

Note

For information on the RADIUS and TACACS+ authentication
protocols, refer to the RFC 2865 and RFC 1492 standards,
respectively.

Guidelines

Here are the guidelines for using the RADIUS and TACACS+ clients:

Only one client can be active on the switch at a time.

The clients can have a maximum of three IP addresses of
authentication servers.

The switch must have a management IP address. For instructions,
refer to Chapter 13, “IPv4 and IPv6 Management Addresses” on
page 293.

The authentication servers on your network must be members of
the same subnet as the management IP address of the switch or
have access to it through routers or other Layer 3 devices.

If the authentication servers are not members of the same subnet
as the management IP address, the switch must have a default
gateway. The default gateway defines the IP address of the first
hop for reaching the remote subnet of the servers. For instructions,
refer to Chapter 13, “IPv4 and IPv6 Management Addresses” on
page 293.

The client polls the servers for authentication information in the
order in which they are listed in the client.

The switch does not support the two earlier versions of the
TACACS+ protocol, TACACS and XTACACS.

The TACACS+ client does not support 802.1x port-based network
access control. You must use the RADIUS client and a RADIUS
server for that feature.
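
The guidelines above can be checked against a planned setup before anything is entered on the switch. The following Python sketch is an added example, not part of the Allied Telesis manual; the plan dictionary, its field names, and the sample addresses are assumptions made for illustration and are not a switch configuration format.

```python
import ipaddress

MAX_SERVERS = 3  # guideline: at most three authentication server addresses

# Constructed sample plans (documentation-range addresses, hypothetical field names).
GOOD_PLAN = {"client": "radius", "servers": ["192.0.2.10", "198.51.100.5"],
             "mgmt_if": "192.0.2.2/24", "gateway": "192.0.2.1", "dot1x": True}
BAD_PLAN = {"client": "tacacs+", "dot1x": True, "mgmt_if": "192.0.2.2/24",
            "gateway": None,
            "servers": ["192.0.2.10", "198.51.100.5", "198.51.100.6", "198.51.100.7"]}


def check_aaa_plan(plan):
    """Return guideline violations for a planned RADIUS/TACACS+ client setup."""
    problems = []
    client = plan["client"].lower()  # one field: only one client can be active
    if client not in ("radius", "tacacs+"):
        # TACACS and XTACACS land here: the switch does not support them.
        problems.append(f"unsupported client type: {plan['client']}")
    servers = [ipaddress.ip_address(s) for s in plan["servers"]]
    if not servers:
        problems.append("no authentication servers listed")
    if len(servers) > MAX_SERVERS:
        problems.append(f"{len(servers)} servers listed, maximum is {MAX_SERVERS}")
    if plan.get("dot1x") and client != "radius":
        problems.append("802.1x port-based access control requires the RADIUS client")
    if not plan.get("mgmt_if"):
        problems.append("switch has no management IP address")
        return problems  # reachability cannot be judged without one
    mgmt = ipaddress.ip_interface(plan["mgmt_if"])
    remote = [s for s in servers if s not in mgmt.network]
    gateway = plan.get("gateway")
    if remote and not gateway:
        problems.append("default gateway required for off-subnet servers: "
                        + ", ".join(map(str, remote)))
    elif gateway and ipaddress.ip_address(gateway) not in mgmt.network:
        # The gateway is the first hop, so it must sit on the management subnet.
        problems.append(f"default gateway {gateway} is not on {mgmt.network}")
    return problems


if __name__ == "__main__":
    for name, plan in (("good", GOOD_PLAN), ("bad", BAD_PLAN)):
        print(name, check_aaa_plan(plan) or "OK")
```

The order of the `servers` list stands for the polling order, so the server that should be tried first belongs at the front.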