TACACS+ and RADIUS Overview – Allied Telesis AT-S39 User Manual
Page 193
AT-S39 User’s Guide
TACACS+ and RADIUS Overview
TACACS+ and RADIUS are authentication protocols used to enhance the
security of your network. (TACACS+ is an acronym for Terminal Access
Controller Access Control System. RADIUS is an acronym for Remote
Authentication Dial-In User Service.) The authentication protocols are
used to transfer the task of authenticating network access from a
network device to an authentication protocol server.

The AT-S39 software comes with TACACS+ and RADIUS client software.
You can use the client software to add two security features to the
switch. The first feature, described in this chapter, involves creating new
manager accounts. These accounts define who can log on to a switch to
change the unit’s operating parameter settings. The second feature is
802.1x Port-Based Access Control, explained in Chapter 18, 802.1x
Port-Based Access Control on page 202.

The AT-S39 software has two standard management login accounts:
Manager and Operator. The Manager account lets you change a switch’s
parameter settings, while the Operator account only lets you view the
settings. Each account has its own password. The Manager account has a
default password of “friend” and the Operator account has a default
password of “operator.”

For networks managed by just one or two network managers, the
standard accounts may be all you need. However, for larger networks
managed by several network managers, you might want each manager
to have his or her own management login account rather than share
an account.

This is where TACACS+ and RADIUS can be useful. You can use them to
transfer the task of validating manager access from an AT-8000 Series
switch to an authentication protocol server. You can use the protocols to
create a series of username and password combinations that define who
can manage an AT-8000 Series switch.

To add new manager accounts, you need to do the following:
❑ You must install TACACS+ or RADIUS server software on one or
more of your network servers or management stations.
Authentication protocol server software is not available from
Allied Telesyn.