TACACS+ and RADIUS Overview – Allied Telesis AT-S62 User Manual

Page 553

AT-S62 User’s Guide

Section VII: Management Security

TACACS+ and RADIUS Overview

TACACS+ and RADIUS are authentication protocols for enhancing the
security of your network. (TACACS+ is an acronym for Terminal Access
Controller Access Control System. RADIUS is an acronym for Remote
Authentication Dial In User Service.) In general terms, these
authentication protocols are designed to transfer the task of
authenticating network access from a network device to an
authentication protocol server.

The AT-S62 software comes with TACACS+ and RADIUS client software.
You can use the client software to add two security features to the
switch. The first feature, described in this chapter, involves creating new
manager accounts that control who can log onto a switch to change the
unit’s parameter settings. The second feature is 802.1x Port-based
Access Control, explained in Chapter 24, 802.1x Port-based Access
Control on page 463, which controls which end users and end nodes can
send packets through the switch.

This chapter explains the new manager accounts feature. The AT-S62
software has two standard manager login accounts: Manager and
Operator. The Manager account lets you change a switch’s parameter
settings while the Operator account lets you view the settings, but not
change them. Each account has its own password.

For those networks managed by just one or two network managers, the
standard accounts may be all you need. However, for larger networks
managed by several network managers, you might want to give each
manager his or her own management login account rather than have
them share an account.

This is where TACACS+ and RADIUS can be useful. You can use them to
create additional manager accounts and transfer the task of validating
management access from the switch to an authentication protocol
server. You use the protocols to create a series of username and
password combinations that define who can manage an AT-8524M
switch.

There are three basic functions an authentication protocol provides:

❑ Authentication

❑ Authorization

❑ Accounting