TACACS+ and RADIUS implementation guidelines – Allied Telesis AT-S63 User Manual

Chapter 30: TACACS+ and RADIUS Protocols
Section IV: Security
password combination that you create on the server software. The
access level can be either Manager or Operator.
The final function of an authentication protocol is accounting, which
keeps track of user activity on network devices. The AT-S63
management software does not support RADIUS or TACACS+
accounting as part of manager accounts. However, it does support
RADIUS accounting with the 802.1x Port-based Network Access Control
feature, as explained in Chapter 29, “802.1x Port-based Network Access
Control” on page 619.
Note
The AT-S63 management software does not support the two earlier
versions of the TACACS+ protocol, TACACS and XTACACS.
TACACS+ and RADIUS Implementation Guidelines
What do you need to use the TACACS+ and RADIUS protocols?
Following are the main points.
❑ First, you need to install TACACS+ or RADIUS server software on
one or more of your network servers or management stations.
Authentication protocol server software is not available from
Allied Telesyn.
❑ The authentication protocol server can be on the same subnet as
the AT-9400 Series switch or on a different subnet. If the server and
switch are on different subnets, be sure to specify a default
gateway in the System Configuration menu (Figure 5 on page 52)
so that the switch and server can communicate with each other.
❑ You need to configure the TACACS+ or RADIUS software on the
authentication server. This involves the following:
– Specifying the username and password combinations. The
maximum length for a username is 38 alphanumeric
characters and spaces, and the maximum length for a
password is 16 alphanumeric characters and spaces.
– Assigning each combination an authorization level. How this
is achieved differs depending on the server software you are
using. TACACS+ controls this through the sixteen (0 to 15)
different levels of the Privilege attribute. A privilege level of
“0” gives the combination Operator status. Any value from 1
to 15 gives the combination Manager status.
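The limits and the TACACS+ privilege mapping above can be checked against a list of server accounts before they are deployed; the following is an added example, not code from the manual or from Allied Telesis. The entry field names (`username`, `password`, `priv_lvl`, `intended`) are hypothetical, the sample accounts are constructed, and "alphanumeric" is assumed to mean ASCII letters and digits.

```python
import re

# Limits stated in the guidelines above for accounts used with the AT-S63 software.
MAX_USERNAME = 38
MAX_PASSWORD = 16
# Assumption: "alphanumeric characters and spaces" means ASCII letters, digits, space.
ALLOWED = re.compile(r"[A-Za-z0-9 ]+")

def switch_role(priv_level):
    """Map a TACACS+ privilege level to the access level the switch grants."""
    if not isinstance(priv_level, int) or not 0 <= priv_level <= 15:
        raise ValueError(f"privilege level outside 0-15: {priv_level!r}")
    return "Operator" if priv_level == 0 else "Manager"

def audit_account(entry):
    """Return a list of findings for one account entry (empty list means clean)."""
    findings = []
    if not ALLOWED.fullmatch(entry["username"]) or len(entry["username"]) > MAX_USERNAME:
        findings.append("username violates the 38-character alphanumeric/space limit")
    if not ALLOWED.fullmatch(entry["password"]) or len(entry["password"]) > MAX_PASSWORD:
        findings.append("password violates the 16-character alphanumeric/space limit")
    try:
        role = switch_role(entry["priv_lvl"])
    except ValueError as exc:
        return findings + [str(exc)]
    # Any level from 1 to 15 is Manager on the switch, so a "low" non-zero
    # level still grants full management access.
    if role != entry["intended"]:
        findings.append(
            f"priv_lvl {entry['priv_lvl']} grants {role}, intended {entry['intended']}"
        )
    return findings

# Constructed sample entries (hypothetical fields, not a real server config format).
ACCOUNTS = [
    {"username": "noc operator", "password": "Abc12345", "priv_lvl": 0, "intended": "Operator"},
    {"username": "helpdesk1", "password": "Abc12345", "priv_lvl": 1, "intended": "Operator"},
    {"username": "net-admin", "password": "x" * 17, "priv_lvl": 15, "intended": "Manager"},
]

def audit_all(accounts):
    """Audit every entry and return {username: [findings]}."""
    return {a["username"]: audit_account(a) for a in accounts}

if __name__ == "__main__":
    for name, findings in audit_all(ACCOUNTS).items():
        print(name, "->", findings or "ok")
```

The `helpdesk1` entry shows the least-privilege pitfall: a privilege level of 1 is treated the same as 15 by the switch.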
For RADIUS, management level is controlled by the Service
Type attribute. This attribute has 11 different values; only two
apply to the AT-S63 management software. A value of