Tacacs+ and radius implementation guidelines – Allied Telesis AT-S63 User Manual
Page 763

AT-S63 Management Software Menus Interface User’s Guide
Section VII: Management Security
The final function of an authentication protocol is accounting, which keeps
track of user activity on network devices. The AT-S63 management
software does not support RADIUS or TACACS+ accounting as part of
manager accounts. However, it does support RADIUS accounting with the
802.1x Port-based Network Access Control feature, as explained in
Chapter 28, “802.1x Port-based Network Access Control” on page 647.
Note
The AT-S63 management software does not support the two earlier
versions of the TACACS+ protocol, TACACS and XTACACS.
TACACS+ and RADIUS Implementation Guidelines
What do you need to use the TACACS+ and RADIUS protocols?
Following are the main points.
First, you need to install TACACS+ or RADIUS server software on one
or more of your network servers or management stations.
Authentication protocol server software is not available from Allied
Telesyn.
The authentication protocol server can be on the same subnet as the
AT-9400 Series switch or on a different subnet. If the server and switch
are on different subnets, be sure to specify a default gateway in the
System Configuration menu (Figure 5 on page 47) so that the switch
and server can communicate with each other.
You need to configure the TACACS+ or RADIUS software on the
authentication server. This involves the following:
– Specifying the username and password combinations. The maximum
length for a username is 38 alphanumeric characters and spaces, and
the maximum length for a password is 16 alphanumeric characters and
spaces.
– Assigning each combination an authorization level. How this is
achieved differs depending on the server software you are using.
TACACS+ controls this through the sixteen (0 to 15) different levels
of the Privilege attribute. A privilege level of “0” gives the
combination Operator status. Any value from 1 to 15 gives the
combination Manager status.
For RADIUS, management level is controlled by the Service Type
attribute. This attribute has 11 different values; only two apply to the
AT-S63 management software. A value of Administrative for this
attribute gives the username and password combination Manager
access. A value of NAS Prompt assigns the combination Operator
status.
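The following Python check is an added example, not part of the Allied Telesis manual: it audits account records planned for the authentication server against the length limits and role mappings described above, and reports where the role the switch would grant differs from the intended one. The record layout, field names and sample accounts are constructed for illustration; the guide does not say how other Service Type values are handled, so the check flags them.

```python
import re

# Limits stated in the guide (alphanumeric characters and spaces only).
LIMITS = {"username": 38, "password": 16}
ALLOWED = re.compile(r"[A-Za-z0-9 ]+")

def role_from_tacacs(priv_lvl):
    """TACACS+ Privilege attribute: 0 is Operator, 1 to 15 is Manager."""
    if not 0 <= priv_lvl <= 15:
        raise ValueError(f"privilege level out of range: {priv_lvl}")
    return "Operator" if priv_lvl == 0 else "Manager"

def role_from_radius(service_type):
    """RADIUS Service Type: only two values apply; anything else gives None."""
    return {"Administrative": "Manager", "NAS Prompt": "Operator"}.get(service_type)

def audit(account):
    """Return the findings for one account record (hypothetical dict layout)."""
    findings = []
    for field, limit in LIMITS.items():
        value = account[field]
        if len(value) > limit:
            findings.append(f"{field} longer than {limit} characters")
        if not ALLOWED.fullmatch(value):
            findings.append(f"{field} has characters other than letters, digits, spaces")
    role = (role_from_tacacs(account["priv_lvl"]) if account["protocol"] == "tacacs+"
            else role_from_radius(account["service_type"]))
    if role is None:
        findings.append("Service Type maps to neither Manager nor Operator")
    elif role != account["intended"]:
        findings.append(f"switch grants {role}, intended {account['intended']}")
    return findings

# Constructed sample records, not real accounts.
SAMPLE = [
    {"username": "noc admin", "password": "Example Pass 01",
     "protocol": "tacacs+", "priv_lvl": 15, "intended": "Manager"},
    {"username": "helpdesk", "password": "Example Pass 02",
     "protocol": "tacacs+", "priv_lvl": 1, "intended": "Operator"},
    {"username": "monitor", "password": "ThisPasswordIsTooLong1",
     "protocol": "radius", "service_type": "NAS Prompt", "intended": "Operator"},
    {"username": "guest", "password": "Pass!word",
     "protocol": "radius", "service_type": "Login", "intended": "Operator"},
]

if __name__ == "__main__":
    for acct in SAMPLE:
        print(acct["username"], audit(acct) or "ok")
```

The second sample record shows the case worth checking before rollout: a TACACS+ account given privilege level 1 receives Manager status on the switch, because only level 0 maps to Operator.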