Tacacs+ and radius overview – Allied Telesis AT-S62 User Manual

AT-S62 Menus Interface User’s Guide

Section VII: Management Security

Page 697

TACACS+ and RADIUS Overview

TACACS+ and RADIUS are authentication protocols for enhancing the
security of your network. (TACACS+ is an acronym for Terminal Access
Controller Access Control System. RADIUS is an acronym for Remote
Authentication Dial In User Services.) In general terms, these
authentication protocols transfer the task of authenticating network
access from a network device to an authentication protocol server.

The AT-S62 software comes with TACACS+ and RADIUS client software.
You can use the client software to add two security features to the
switch. The first feature, described in this chapter, involves creating new
manager accounts for controlling who can log onto a switch to change
its parameter settings. The second feature is 802.1x Port-based Access
Control, explained in Chapter 30, 802.1x Port-based Access Control on
page 607, which controls which end users and end nodes can send
packets through the switch.

This chapter explains the manager accounts feature. The AT-S62
software has two standard manager login accounts: Manager and
Operator. The Manager account lets you change a switch’s parameter
settings while the Operator account lets you view the settings, but not
change them. Each account has its own password.

For networks managed by just one or two network managers, the
standard accounts may be all you need. However, for larger networks
managed by several network managers, you might want to give each
manager his or her own management login account rather than have
them share an account.

This is where TACACS+ and RADIUS can be useful. You can use them to
create additional manager accounts and transfer the task of validating
management access from the switch to an authentication protocol
server. You use the protocols to create a series of username and
password combinations that define who can manage an AT-8500 Series
switch.

There are three basic functions an authentication protocol provides:

❑ Authentication

❑ Authorization

❑ Accounting
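As an added illustration of the delegation described above (this is example code, not from the Allied Telesis manual or the AT-S62 software), here is a minimal RADIUS Access-Request / Access-Accept exchange in Python following RFC 2865: the switch-side client hides the User-Password under the shared secret and a fresh Request Authenticator, the server checks the credentials against a user table and signs its reply with the Response Authenticator, and the client validates that authenticator before it accepts the answer. The shared secret, the user table, and the use of the Service-Type attribute to tell a Manager-level login from an Operator-level one are assumptions for this example, not documented AT-S62 behaviour.

```python
import hashlib
import hmac
import os
import struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3
ATTR_USER_NAME, ATTR_USER_PASSWORD, ATTR_SERVICE_TYPE = 1, 2, 6
SERVICE_ADMINISTRATIVE = 6  # RFC 2865 Service-Type "Administrative-User"
SERVICE_NAS_PROMPT = 7      # RFC 2865 Service-Type "NAS-Prompt-User"

# Constructed user table for this example: name -> (password, Service-Type).
# Assumption (example only): Administrative-User is treated as a Manager-level
# login, NAS-Prompt-User as an Operator-level login.
USERS = {"alice": ("al1ce-pw", SERVICE_ADMINISTRATIVE),
         "bob": ("b0b-pw", SERVICE_NAS_PROMPT)}

def _pw_blocks(data, secret, authenticator, decrypt):
    """RFC 2865 5.2 User-Password hiding: each 16-byte block is XORed with
    MD5(secret + previous ciphertext block); the first block is chained to
    the Request Authenticator."""
    out, prev = b"", authenticator
    for i in range(0, len(data), 16):
        block = data[i:i + 16]
        key = hashlib.md5(secret + prev).digest()
        xored = bytes(a ^ b for a, b in zip(block, key))
        out += xored
        prev = block if decrypt else xored
    return out

def hide_password(password, secret, authenticator):
    # Pad with NULs to a multiple of 16 bytes (at least one block).
    padded = password.ljust(((len(password) + 15) // 16) * 16 or 16, b"\x00")
    return _pw_blocks(padded, secret, authenticator, decrypt=False)

def unhide_password(hidden, secret, authenticator):
    return _pw_blocks(hidden, secret, authenticator, decrypt=True).rstrip(b"\x00")

def encode_attrs(attrs):
    """Attribute = Type(1) Length(1, counts the 2-byte header) Value."""
    return b"".join(struct.pack("!BB", t, len(v) + 2) + v for t, v in attrs)

def decode_attrs(data):
    attrs, i = [], 0
    while i < len(data):
        if i + 2 > len(data):
            raise ValueError("truncated attribute header")
        t, length = data[i], data[i + 1]
        if length < 2 or i + length > len(data):
            raise ValueError("malformed attribute length")
        attrs.append((t, data[i + 2:i + length]))
        i += length
    return attrs

def parse_packet(pkt):
    if len(pkt) < 20:
        raise ValueError("packet too short")
    code, ident, length = struct.unpack("!BBH", pkt[:4])
    if length != len(pkt):
        raise ValueError("length field does not match packet")
    return code, ident, pkt[4:20], decode_attrs(pkt[20:])

def switch_access_request(username, password, secret, ident):
    """Switch (client) side: hand the login decision to the server."""
    req_auth = os.urandom(16)  # Request Authenticator: fresh random per request
    body = encode_attrs([
        (ATTR_USER_NAME, username.encode()),
        (ATTR_USER_PASSWORD, hide_password(password.encode(), secret, req_auth)),
    ])
    return struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(body)) + req_auth + body

def server_handle(request, secret, users=USERS):
    """Server side: decide Accept/Reject and sign the reply."""
    code, ident, req_auth, attrs = parse_packet(request)
    if code != ACCESS_REQUEST:
        raise ValueError("not an Access-Request")
    a = dict(attrs)
    name = a.get(ATTR_USER_NAME, b"").decode(errors="replace")
    given = unhide_password(a.get(ATTR_USER_PASSWORD, b""), secret, req_auth)
    entry = users.get(name)
    if entry is not None and hmac.compare_digest(given, entry[0].encode()):
        out_code = ACCESS_ACCEPT
        body = encode_attrs([(ATTR_SERVICE_TYPE, struct.pack("!I", entry[1]))])
    else:
        out_code, body = ACCESS_REJECT, b""
    header = struct.pack("!BBH", out_code, ident, 20 + len(body))
    # Response Authenticator = MD5(Code+ID+Length+RequestAuth+Attributes+Secret)
    resp_auth = hashlib.md5(header + req_auth + body + secret).digest()
    return header + resp_auth + body

def switch_check_response(request, response, secret):
    """Switch side: validate the reply against its request before trusting it.
    Returns "manager", "operator", "rejected" or "invalid"."""
    _, req_ident, req_auth, _ = parse_packet(request)
    code, ident, resp_auth, attrs = parse_packet(response)
    expected = hashlib.md5(response[:4] + req_auth + response[20:] + secret).digest()
    if ident != req_ident or not hmac.compare_digest(expected, resp_auth):
        return "invalid"  # forged, tampered or mismatched reply: do not act on it
    if code != ACCESS_ACCEPT:
        return "rejected"
    service = dict(attrs).get(ATTR_SERVICE_TYPE, b"")
    if len(service) == 4 and struct.unpack("!I", service)[0] == SERVICE_ADMINISTRATIVE:
        return "manager"
    return "operator"

if __name__ == "__main__":
    secret = b"example-shared-secret"  # constructed; shared by switch and server
    req = switch_access_request("alice", "al1ce-pw", secret, ident=7)
    print(switch_check_response(req, server_handle(req, secret), secret))
```

Two things in the exchange matter for a deployment: the whole scheme rests on the shared secret (the password hiding and the reply signature are both keyed by it), so a strong per-server secret and a management network that keeps switch-to-server traffic off user-reachable segments are what give the delegation its value; and the switch must discard any reply whose Response Authenticator or identifier does not match its outstanding request, which is what the `"invalid"` branch does here.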