Allied Telesis AT-S39 User Manual

Page 194

Section II: Local and Telnet Management

Note

The switch communicates with the authentication server via the
switch’s management VLAN. Consequently, the node functioning as
the authentication server must be communicating with the switch
through a switch port that is a member of that VLAN. The default
management VLAN is Default_VLAN. For further information, refer
to Designating a Management VLAN on page 151.

❑ The authentication protocol server can be on the same subnet as
the AT-8000 Series switch or on a different subnet. If the server and
switch are on different subnets, be sure to specify a default
gateway in the Administration Menu so that the switch and server
can communicate with each other.

❑ You need to configure the TACACS+ or RADIUS server software.
This involves the following:

   - Specifying the username and password combinations.

   - Assigning each combination an authorization level. This will
     differ depending on the server software you are using.
     TACACS+ controls this through the sixteen (0 to 15) different
     levels of the Privilege attribute. A privilege level of “0” gives
     the combination Operator status. Any value from 1 to 15
     gives the combination Manager status.

     For RADIUS, management level is controlled by the Service
     Type attribute. This attribute has 11 different values, of
     which only two are functional with an AT-8000 Series
     switch. A value of Administrative for this attribute gives the
     username and password combination Manager access. A
     value of NAS Prompt assigns the combination Operator
     status.

Note

This manual does not explain how to configure TACACS+ or RADIUS
server software. For that you need to refer to the documentation
that came with the software.

❑ Finally, you need to configure the TACACS+ or RADIUS client
software on the switch, as explained later in this chapter in
Configuring the Authentication Client Software on page 196.