Functions of an authentication protocol, TACACS+ and RADIUS configuration guidelines – Allied Telesis AT-S39 User Manual
AT-S39 User’s Guide
Functions of an Authentication Protocol
There are three basic functions an authentication protocol provides:
❑ Authentication
❑ Authorization
❑ Accounting
When a network manager logs in to a switch, the switch passes the
username and password entered by the manager to the authentication
protocol server. The server checks to see if the username and password
are valid for that switch. This is referred to as authentication.
If the combination is valid, the authentication protocol server notifies
the switch and the switch completes the login process, allowing the
manager to access the switch.
If the username and password combination is invalid, the authentication
protocol server notifies the switch and the switch cancels the login.
Authorization defines what a manager can do once logged in to a
switch. You assign an authorization level to each username and
password combination that you create on the server software. The
access level will be either Manager or Operator.
The final function of the TACACS+ protocol is accounting, which keeps
track of user activity on network devices. The AT-S39 management
software does not support this function.
Note
The AT-S39 management software does not support the two earlier
versions of the TACACS+ protocol, TACACS and XTACACS.
TACACS+ and RADIUS Configuration Guidelines
By default, the authentication client software is disabled on an AT-8000
Series switch. In order to activate it, you will need to provide the
following information:
❑ Which authentication protocol you want to use. Only one
authentication protocol can be active on a switch at a time.
❑ IP addresses of up to three authentication servers.
❑ The encryption key used by the authentication servers.
Note
For more information on TACACS+, refer to the RFC 1492 standard.
For more information on RADIUS, refer to the RFC 2865 standard.