beautypg.com

Allied Telesis AT-S62 User Manual

Page 700

background image

Chapter 35: RADIUS and TACACS+ Authentication Protocols

Section VII: Management Security

700

You can specify up to three TACACS+ or RADIUS servers. Specifying
multiple servers adds redundancy to your network. For example,
removing an authentication server from the network for maintenance
will not prevent network managers from logging into switches if there
are one or two other authentication servers on the network.

When a switch receives a username and password combination from a
network manager, it sends the combination to the first authentication
server in its list. If the server fails to respond, the switch sends the
combination to the next server in the list, and so on.

If no authentication server responds or if no servers have been defined
and you are managing the switch locally, the management software
defaults to the standard manager and operator accounts.

Note

For more information on TACACS+, refer to the RFC 1492 standard.
For more information on RADIUS, refer to the RFC 2865 standard.