
Guidelines – Allied Telesis AT-S62 User Manual

Page 554


Chapter 29: RADIUS and TACACS+ Authentication Protocols

Section VII: Management Security


When a network manager logs in to a switch to manage the device, the
switch passes the username and password entered by the manager to
the authentication protocol server. The server checks to see if the
username and password are valid for that switch. This is referred to as
authentication.

If the combination is valid, the authentication protocol server notifies
the switch and the switch completes the login process, allowing the
manager to manage the switch.

If the username and password are invalid, the authentication protocol
server notifies the switch and the switch cancels the login.

Authorization defines what a manager can do once logged in to a
switch. You assign an authorization level to each username and
password combination that you create on the server software. The
access level can be either Manager or Operator.

The final function of an authentication protocol is accounting, which is
used to keep track of user activity on network devices. The AT-S62
management software does not support RADIUS or TACACS+
accounting as part of manager accounts. However, it does support
RADIUS accounting with the 802.1x port-based access control feature,
explained in Chapter 24, 802.1x Port-based Access Control on page 463.

Note

The AT-S62 management software does not support the two protocols
that preceded TACACS+, TACACS and XTACACS.
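To make the authentication and authorization steps described above concrete, here is an added example (not code from the AT-S62 manual or from Allied Telesyn) of the RADIUS exchange in Python: the switch side hides the password with the RFC 2865 PAP method and sends an Access-Request; the server side recovers it, checks it against its user table and answers with an Access-Accept carrying a Service-Type attribute or with an Access-Reject, each protected by the Response Authenticator; the switch side verifies that authenticator before trusting the answer. The shared secret, the user table, and the mapping of Service-Type 6 (Administrative-User) to Manager and 7 (NAS-Prompt) to Operator are assumptions made for this example, not configuration stated by the manual.

```python
import hashlib
import hmac
import os
import struct

# Assumed for this example: shared secret, user table and the
# Service-Type -> access level mapping. None of these come from the manual.
SECRET = b"example-shared-secret"
USERS = {"admin": ("s3cret", 6), "helpdesk": ("viewonly", 7)}  # name -> (password, Service-Type)
LEVEL = {6: "Manager", 7: "Operator"}  # assumed: Administrative-User / NAS-Prompt

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3
USER_NAME, USER_PASSWORD, SERVICE_TYPE = 1, 2, 6


def hide_password(password, authenticator, secret):
    """RFC 2865 5.2: pad to a 16-byte multiple, XOR each block with MD5(secret + previous block)."""
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        key = hashlib.md5(secret + prev).digest()
        block = bytes(a ^ b for a, b in zip(padded[i:i + 16], key))
        out, prev = out + block, block
    return out


def reveal_password(hidden, authenticator, secret):
    """Inverse of hide_password; the chaining value is the previous *hidden* block."""
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        key = hashlib.md5(secret + prev).digest()
        out += bytes(a ^ b for a, b in zip(hidden[i:i + 16], key))
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00")


def attr(atype, value):
    return struct.pack("!BB", atype, len(value) + 2) + value


def parse_attrs(data):
    attrs, i = {}, 0
    while i < len(data):
        atype, alen = data[i], data[i + 1]
        if alen < 2:                      # malformed length would loop forever
            raise ValueError("bad attribute length")
        attrs[atype] = data[i + 2:i + alen]
        i += alen
    return attrs


def build_access_request(username, password, ident=1):
    """Switch side: fresh random Request Authenticator, PAP-hidden password."""
    ra = os.urandom(16)
    attrs = attr(USER_NAME, username.encode()) + \
        attr(USER_PASSWORD, hide_password(password.encode(), ra, SECRET))
    return struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs)) + ra + attrs, ra


def server_handle(request):
    """Server side: authenticate, then authorize via Service-Type on Accept."""
    _code, ident, length = struct.unpack("!BBH", request[:4])
    ra = request[4:20]
    attrs = parse_attrs(request[20:length])
    user = attrs[USER_NAME].decode()
    password = reveal_password(attrs[USER_PASSWORD], ra, SECRET)
    entry = USERS.get(user)
    if entry and hmac.compare_digest(password, entry[0].encode()):
        code, body = ACCESS_ACCEPT, attr(SERVICE_TYPE, struct.pack("!I", entry[1]))
    else:
        code, body = ACCESS_REJECT, b""
    head = struct.pack("!BBH", code, ident, 20 + len(body))
    # Response Authenticator = MD5(Code + ID + Length + RequestAuth + Attributes + Secret)
    resp_auth = hashlib.md5(head + ra + body + SECRET).digest()
    return head + resp_auth + body


def forge_accept(request):
    """Attacker without the secret rewrites a Reject into an Accept (code byte only)."""
    resp = server_handle(request)
    return bytes([ACCESS_ACCEPT]) + resp[1:]


def switch_login(username, password, server=server_handle):
    """Switch side: verify the Response Authenticator, then map the answer to an access level."""
    request, ra = build_access_request(username, password)
    resp = server(request)
    code, _ident, length = struct.unpack("!BBH", resp[:4])
    expected = hashlib.md5(resp[:4] + ra + resp[20:length] + SECRET).digest()
    if not hmac.compare_digest(expected, resp[4:20]):
        return ("reject", "bad Response Authenticator")
    if code != ACCESS_ACCEPT:
        return ("reject", None)
    service_type = struct.unpack("!I", parse_attrs(resp[20:length])[SERVICE_TYPE])[0]
    return ("accept", LEVEL.get(service_type))


if __name__ == "__main__":
    print(switch_login("admin", "s3cret"))                      # ('accept', 'Manager')
    print(switch_login("helpdesk", "viewonly"))                 # ('accept', 'Operator')
    print(switch_login("admin", "wrong"))                       # ('reject', None)
    print(switch_login("admin", "wrong", server=forge_accept))  # ('reject', 'bad Response Authenticator')
```

The forged-accept case shows what the shared secret buys you: a host that can reach the switch on the management VLAN but does not hold the secret cannot turn a Reject into a login. It also shows the limit of the scheme, since the password is hidden only with an MD5 keystream derived from that secret, which is why the secret needs to be long and random and the server should be reachable only over the management VLAN, as the note below requires.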

Guidelines

Here are the main points for using the RADIUS and TACACS+ protocols.

❑ First, you need to install TACACS+ or RADIUS server software on
one or more of your network servers or management stations.
Authentication protocol server software is not available from
Allied Telesyn.

Note

The switch communicates with the authentication server via the
switch’s management VLAN. Consequently, the node functioning as
the authentication server must be communicating with a switch
through a port that is a member of that VLAN. The default
management VLAN is Default_VLAN. For further information, refer
to Specifying a Management VLAN on page 418.

❑ The authentication protocol server can be on the same subnet or
a different subnet as the AT-8524M switch. If the server and switch
are on different subnets, be sure to specify a default gateway in