Guidelines – Allied Telesis AT-S63 User Manual

AT-S63 Management Software Features Guide

Section IX: Management Security

Guidelines

Here are the main steps for using the TACACS+ or RADIUS client on the
switch.

1. Install a TACACS+ or RADIUS server on one or more of your network
servers or management stations. Authentication protocol server
software is not available from Allied Telesis.

2. Configure the TACACS+ or RADIUS authentication server.

Here are the guidelines to follow when configuring the server for new
manager accounts:

– To create a new manager account, enter the username and
password combination that the network manager will use to log
onto the switch when managing the device. The maximum length
for a username is 38 alphanumeric characters and spaces, and the
maximum length for a password is 16 alphanumeric characters and
spaces.

You must assign each account an authorization level. This differs
depending on the server software. TACACS+ controls this through
the sixteen (0 to 15) different levels of the Privilege attribute. A
privilege level of “0” gives the combination Operator status. Any
value from 1 to 15 gives the combination Manager status.

For RADIUS, management level is controlled by the Service Type
attribute. This attribute has 11 different values; only two apply to
the AT-S63 Management Software. A value of Administrative for
this attribute gives the username and password combination
Manager access. A value of NAS Prompt assigns the combination
Operator status.

Note

This manual does not explain how to configure a TACACS+ or
RADIUS server. For instructions, refer to the documentation
included with the server software.
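The following is an added example, not part of the Allied Telesis manual or the AT-S63 software. It checks planned manager accounts against the length limits above and reports which access level the TACACS+ Privilege or RADIUS Service Type value would actually grant, so an account that gains Manager status unintentionally is caught before it is created on the server. The account field names, the function names, and the sample accounts are assumptions made for illustration.

```python
import re

# Limits and mappings as stated in the guidelines above.
LIMITS = {"username": 38, "password": 16}
ALLOWED = re.compile(r"[A-Za-z0-9 ]+")  # alphanumeric characters and spaces
# The two RADIUS Service Type values the AT-S63 software acts on.
RADIUS_LEVELS = {"administrative": "Manager", "nas prompt": "Operator"}


def access_level(protocol, value):
    """Return 'Manager', 'Operator', or None if the value maps to neither."""
    if protocol == "tacacs+":
        # Privilege attribute: 0 is Operator, 1 to 15 is Manager.
        if isinstance(value, int) and 0 <= value <= 15:
            return "Operator" if value == 0 else "Manager"
        return None
    if protocol == "radius":
        # Accept "NAS Prompt" and "NAS-Prompt" spellings alike.
        return RADIUS_LEVELS.get(str(value).replace("-", " ").strip().lower())
    return None


def audit_account(acct):
    """Check one planned account; return a list of findings (empty if clean)."""
    findings = []
    for field, limit in LIMITS.items():
        if len(acct[field]) > limit:
            findings.append(f"{field} exceeds {limit} characters")
        if not ALLOWED.fullmatch(acct[field]):
            findings.append(f"{field} must contain only alphanumeric characters and spaces")
    level = access_level(acct["protocol"], acct["attribute"])
    if level is None:
        findings.append("attribute value maps to neither Manager nor Operator")
    elif level != acct["intended"]:
        findings.append(f"grants {level}, but {acct['intended']} was intended")
    return findings


# Constructed sample accounts (hypothetical, not from the manual).
ACCOUNTS = [
    {"username": "noc operator", "password": "Example Pass 01", "protocol": "tacacs+", "attribute": 1, "intended": "Operator"},
    {"username": "radius op", "password": "Example Pass 02", "protocol": "radius", "attribute": "NAS-Prompt", "intended": "Operator"},
    {"username": "net admin", "password": "p@ssword-that-is-too-long", "protocol": "radius", "attribute": "Framed", "intended": "Manager"},
]

if __name__ == "__main__":
    for a in ACCOUNTS:
        print(a["username"], "->", audit_account(a) or "ok")
```

The first sample account shows the case most worth checking: a TACACS+ privilege level of 1 already confers Manager status, so an account meant to be an Operator must be set to level 0.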

Here are the guidelines to follow when configuring the server for
supplicant accounts for 802.1x port-based access control:

– 802.1x is only supported with a RADIUS server.

– To create an account for a supplicant connected to an
authenticator port set to the 802.1x authentication mode, enter a
username and password combination. The maximum length for a
username is 38 alphanumeric characters and spaces, and the