Guidelines – Allied Telesis AT-S62 User Manual
Page 749
AT-S62 Management Software Menus Interface User’s Guide
Section VII: Management Security
If the combination is valid, the authentication protocol server notifies the
switch and the switch completes the login process, allowing the manager
to manage the switch.
If the username and password are invalid, the authentication protocol
server notifies the switch and the switch cancels the login.
Authorization defines what a manager can do once logged in to a switch.
You assign an authorization level to each username and password
combination that you create on the server software. The access level can be
either Manager or Operator.
The final function of an authentication protocol is accounting, which is
used to keep track of user activity on network devices. The AT-S62
management software does not support RADIUS or TACACS+ accounting
as part of new manager accounts. However, it does support RADIUS
accounting with the 802.1x port-based access control feature, explained in
Chapter 29, “802.1x Port-based Network Access Control” on page 643.
Note
The AT-S62 management software does not support the two earlier
versions of the TACACS+ protocol, TACACS and XTACACS.
Guidelines
Here are the main points for using the RADIUS and TACACS+ protocols.
First, you need to install TACACS+ or RADIUS server software on one
or more of your network servers or management stations.
Authentication protocol server software is not available from Allied
Telesyn.
Note
The switch communicates with the authentication server via the
switch’s management VLAN. Consequently, the node functioning as
the authentication server must be communicating with a switch
through a port that is a member of that VLAN. The default
management VLAN is Default_VLAN. For further information, refer
to “Specifying a Management VLAN” on page 579.
The authentication protocol server can be on the same subnet as the
AT-8500 Series switch or on a different subnet. If the server and switch
are on different subnets, be sure to specify a default gateway in the
Administration Menu so that the switch and server can communicate
with each other.
You need to configure the TACACS+ or RADIUS software on the
authentication server. This involves the following:
– Specifying the username and password combinations. A
username can contain up to 30 alphanumeric characters and a