Allied Telesis AT-S62 User Manual

Page 555

AT-S62 User’s Guide

Section VII: Management Security

the Administration Menu so that the switch and server can
communicate with each other.

❑ You need to configure the TACACS+ or RADIUS software on the
authentication server. This involves the following:

Specifying the username and password combinations.

Assigning each combination an authorization level. How
this is achieved differs depending on the server software you
are using. TACACS+ controls this through the sixteen (0 to
15) different levels of the Privilege attribute. A privilege level
of “0” gives the combination Operator status. Any value from
1 to 15 gives the combination Manager status.

For RADIUS, management level is controlled by the Service
Type attribute. This attribute has 11 different values, of
which only two apply to the AT-S62 management software.
A value of Administrative for this attribute gives the
username and password combination Manager access. A
value of NAS Prompt assigns the combination Operator
status.

Note

This manual does not explain how to configure TACACS+ or RADIUS
server software. For that you need to refer to the documentation
that came with the software.

❑ You must activate the TACACS+ or RADIUS client software on the
switch using the AT-S62 software and configure the settings,
which include the IP addresses of up to three authentication
servers. The procedure for this step is found in this chapter.

By default, authentication protocol is disabled in the AT-S62 software.
Once you activate it, you need to provide the following information:

❑ Which authentication protocol, TACACS+ or RADIUS, you want to
use. Only one authentication protocol can be active on a switch at
a time.

❑ IP addresses of up to three authentication servers.

❑ The encryption key used by the authentication servers.

You can specify up to three TACACS+ or RADIUS servers. Specifying
multiple servers adds redundancy to your network. For example,
removing an authentication server from the network for maintenance
will not prevent network managers from logging into switches if there
are one or two other authentication servers on the network.