TACACS+ and RADIUS Overview – Allied Telesis AT-S62 User Manual

Chapter 34: TACACS+ and RADIUS Authentication Protocols

Section VII: Management Security

TACACS+ and RADIUS Overview

TACACS+ and RADIUS are authentication protocols for enhancing the
security of your network. (TACACS+ is an acronym for Terminal Access
Controller Access Control System. RADIUS is an acronym for Remote
Authentication Dial In User Services.) In general terms, these
authentication protocols transfer the task of authenticating network access
from a network device to an authentication protocol server.

The AT-S62 software comes with TACACS+ and RADIUS client software.
You can use the client software to add two security features to the switch.
The first feature, described in this chapter, involves creating new manager
accounts for controlling who can log onto a switch to change its parameter
settings. The second feature is 802.1x Port-based Access Control,
explained in Chapter 29, “802.1x Port-based Network Access Control” on
page 643, which controls which end users and end nodes can send
packets through the switch.

This chapter explains the manager accounts feature. The AT-S62
software has two standard manager login accounts: Manager and
Operator. The Manager account lets you change a switch’s parameter
settings while the Operator account lets you view the settings, but not
change them. Each account has its own password.

For networks managed by just one or two network managers, the standard
accounts may be all you need. However, for larger networks managed by
several network managers, you might want to give each manager his or
her own management login account rather than have them share an
account.

This is where TACACS+ and RADIUS can be useful. You can use them to
create additional manager accounts and transfer the task of validating
management access from the switch to an authentication protocol server.
You use the protocols to create a series of username and password
combinations that define who can manage an AT-8500 Series switch.

There are three basic functions an authentication protocol provides:

• Authentication

• Authorization

• Accounting

When a network manager logs in to a switch to manage the device, the
switch passes the username and password entered by the manager to the
authentication protocol server. The server checks to see if the username
and password are valid for that switch. This is referred to as
authentication.
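The exchange described above, worked through for RADIUS as an added example (this is illustrative code written for this page, not the AT-S62 client or any Allied Telesis code): the switch-side client builds an Access-Request carrying User-Name and a PAP User-Password hidden with the shared secret as RFC 2865 specifies, the server recovers the password, checks it against a user table, and answers Access-Accept or Access-Reject with a Response Authenticator that the client verifies before trusting the verdict. The shared secret, user table, credentials and packet identifier are constructed values; a real deployment carries these packets over UDP port 1812 between the switch and the server.

```python
# Added example: minimal RADIUS (RFC 2865) PAP authentication, client and
# server side, run in-process. Not AT-S62 code; all values are constructed.
import hashlib
import hmac
import os
import struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3
ATTR_USER_NAME, ATTR_USER_PASSWORD = 1, 2

SHARED_SECRET = b"constructed-shared-secret"   # constructed, shared by switch and server
USER_DB = {b"alice": b"s3cret-pw"}             # constructed manager account on the server


def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """RFC 2865 s5.2: pad with NULs to a multiple of 16 (at least 16) and XOR
    each chunk with MD5(secret + previous chunk), seeded by the Request
    Authenticator. This is obfuscation keyed on the shared secret, not
    encryption: anyone holding the secret reverses it trivially."""
    padded = password.ljust(max(16, -(-len(password) // 16) * 16), b"\x00")
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        key = hashlib.md5(secret + prev).digest()
        chunk = bytes(p ^ k for p, k in zip(padded[i:i + 16], key))
        out, prev = out + chunk, chunk
    return out


def reveal_password(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Server side inverse of hide_password; strips the NUL padding."""
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        key = hashlib.md5(secret + prev).digest()
        chunk = hidden[i:i + 16]
        out, prev = out + bytes(c ^ k for c, k in zip(chunk, key)), chunk
    return out.rstrip(b"\x00")


def attr(atype: int, value: bytes) -> bytes:
    # Attribute TLV: Type, Length (including the 2 header bytes), Value.
    return struct.pack("!BB", atype, len(value) + 2) + value


def parse_attrs(data: bytes) -> dict:
    attrs = {}
    while data:
        if len(data) < 2 or data[1] < 2 or data[1] > len(data):
            raise ValueError("malformed attribute")
        attrs[data[0]] = data[2:data[1]]
        data = data[data[1]:]
    return attrs


def response_authenticator(code, ident, length, req_auth, attrs, secret) -> bytes:
    # RFC 2865 s3: MD5(Code + ID + Length + RequestAuth + Attributes + Secret)
    return hashlib.md5(struct.pack("!BBH", code, ident, length) + req_auth + attrs + secret).digest()


def build_access_request(ident: int, username: bytes, password: bytes, secret: bytes) -> bytes:
    """Switch side: what the client sends when a manager logs in."""
    req_auth = os.urandom(16)  # Request Authenticator must be unpredictable
    attrs = attr(ATTR_USER_NAME, username)
    attrs += attr(ATTR_USER_PASSWORD, hide_password(password, secret, req_auth))
    return struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs)) + req_auth + attrs


def server_handle(packet: bytes, secret: bytes, users: dict) -> bytes:
    """Server side: validate the credential and return a signed verdict."""
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if code != ACCESS_REQUEST or length != len(packet) or length < 20:
        raise ValueError("not a well-formed Access-Request")
    req_auth = packet[4:20]
    attrs = parse_attrs(packet[20:length])
    name = attrs.get(ATTR_USER_NAME, b"")
    password = reveal_password(attrs.get(ATTR_USER_PASSWORD, b""), secret, req_auth)
    ok = name in users and hmac.compare_digest(users[name], password)
    verdict = ACCESS_ACCEPT if ok else ACCESS_REJECT
    resp_auth = response_authenticator(verdict, ident, 20, req_auth, b"", secret)
    return struct.pack("!BBH", verdict, ident, 20) + resp_auth


def client_check_reply(reply: bytes, request: bytes, secret: bytes) -> bool:
    """Switch side: trust the verdict only if the reply is bound to our
    request by a Response Authenticator computed with the shared secret."""
    code, ident, length = struct.unpack("!BBH", reply[:4])
    if ident != request[1] or length != len(reply) or length < 20:
        return False
    expected = response_authenticator(code, ident, length, request[4:20], reply[20:], secret)
    if not hmac.compare_digest(expected, reply[4:20]):
        return False  # forged, replayed for another request, or wrong secret
    return code == ACCESS_ACCEPT


def authenticate(username: bytes, password: bytes, secret: bytes, users: dict, ident: int = 7) -> bool:
    """Full exchange, client and server in one process, for demonstration."""
    request = build_access_request(ident, username, password, secret)
    reply = server_handle(request, secret, users)
    return client_check_reply(reply, request, secret)


if __name__ == "__main__":
    print("alice/correct :", authenticate(b"alice", b"s3cret-pw", SHARED_SECRET, USER_DB))
    print("alice/wrong   :", authenticate(b"alice", b"guess", SHARED_SECRET, USER_DB))
```

Two points the code makes explicit: a reply whose Response Authenticator does not verify is discarded regardless of its code, so a verdict cannot be altered in transit by someone who does not hold the shared secret, and the password hiding itself offers only as much protection as that secret, so it should be treated as a credential in its own right, not as a configuration constant.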