Radius, Radius implementation guidelines – Allied Telesis AT-S87 User Manual

AT-S87 Management Software User’s Guide

RADIUS

RADIUS is an acronym for Remote Authentication Dial In User Service,
an authentication protocol. You can use RADIUS to transfer the task of
validating management access from a switch to an authentication protocol
server.

With the protocol, you can create a series of username and password
combinations that define who can manage an AT-GS950/48 Gigabit
Ethernet Smart Switch.

There are three basic functions an authentication protocol provides:

• Authentication
• Authorization
• Accounting

When a network manager logs in to a switch to manage the device, the
switch passes the username and password entered by the manager to the
authentication protocol server. The server checks to see if the username
and password are valid for that switch. This is referred to as
authentication.

If the combination is valid, the authentication protocol server notifies the
switch and the switch completes the login process, allowing the manager
to manage the switch.

If the username and password are invalid, the authentication protocol
server notifies the switch and the switch cancels the login.
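
The login exchange described above, sketched at the packet level following RFC 2865. This is an added example, not code from the Allied Telesis manual or the AT-S87 software, and its function names are illustrative:

```python
import hashlib, hmac, os, struct

# Added illustration; function names are hypothetical, not AT-S87 or vendor code.
ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3   # RFC 2865 packet codes
USER_NAME, USER_PASSWORD = 1, 2                          # RFC 2865 attribute types

def hide_password(password, secret, authenticator):
    """RFC 2865 5.2: XOR each 16-byte block with MD5(secret + previous block)."""
    size = max(16, (len(password) + 15) // 16 * 16)
    padded, out, prev = password.ljust(size, b"\x00"), b"", authenticator
    for i in range(0, size, 16):
        pad = hashlib.md5(secret + prev).digest()
        prev = bytes(a ^ b for a, b in zip(padded[i:i + 16], pad))
        out += prev
    return out

def reveal_password(hidden, secret, authenticator):
    """Server side: undo hide_password using the same shared secret."""
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        pad = hashlib.md5(secret + prev).digest()
        out += bytes(a ^ b for a, b in zip(hidden[i:i + 16], pad))
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00")

def build_access_request(ident, user, password, secret):
    """Switch side: Access-Request carrying User-Name and hidden User-Password."""
    auth, attrs = os.urandom(16), b""
    for typ, val in ((USER_NAME, user), (USER_PASSWORD, hide_password(password, secret, auth))):
        attrs += struct.pack("!BB", typ, len(val) + 2) + val
    return struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs)) + auth + attrs

def server_reply(request, secret, users):
    """Server side: check the credentials, answer Access-Accept or Access-Reject."""
    attrs, pos = {}, 20
    while pos + 2 <= len(request) and request[pos + 1] >= 2:   # stop on malformed length
        attrs[request[pos]] = request[pos + 2:pos + request[pos + 1]]
        pos += request[pos + 1]
    stored = users.get(attrs.get(USER_NAME))
    given = reveal_password(attrs.get(USER_PASSWORD, b""), secret, request[4:20])
    ok = stored is not None and hmac.compare_digest(stored, given)
    header = struct.pack("!BBH", ACCESS_ACCEPT if ok else ACCESS_REJECT, request[1], 20)
    return header + hashlib.md5(header + request[4:20] + secret).digest()

def switch_accepts(request, reply, secret):
    """Switch side: verify the Response Authenticator, then read the code."""
    expected = hashlib.md5(reply[:4] + request[4:20] + secret).digest()
    return hmac.compare_digest(expected, reply[4:20]) and reply[0] == ACCESS_ACCEPT
```

The management password is protected on the wire only by MD5 keyed with the shared secret, so the secret configured on the switch and the server should be long and random. A reply whose Response Authenticator does not verify is treated as a failed login.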

Authorization defines what a manager can do after logging in to a switch.
You assign an authorization level to each username and password
combination that you create on the server software. The access level can
be either Manager or Operator. The AT-S87 management software does not
support RADIUS authorization.

The final function of an authentication protocol is accounting, which keeps
track of user activity on network devices. The AT-S87 management
software does not support RADIUS accounting as part of manager
accounts.

RADIUS Implementation Guidelines

Following are the guidelines for using RADIUS authentication:

• First, you need to install RADIUS server software on one or more of
your network servers or management stations. Authentication protocol
server software is not available from Allied Telesis.

• The authentication protocol server can be on the same subnet or a
different subnet as the switch. If the server and switch are on different