Allied Telesis AT-S60 User Manual

AT-S60 Management Software User’s Guide

Section III: Security Features

Authorization defines what a user can do once logged in to a switch. You
assign an authorization level to each user name and password
combination that you create on the server software. The access level is
either Manager or Operator.

The final function of the TACACS+ protocol is accounting, which is used
to keep track of user activity on network devices. The AT-8400 Series
switch does not support this function.

Note

The AT-S60 management software does not support the two earlier
versions of the TACACS+ protocol, TACACS and XTACACS.

So what does it take to use the TACACS+ and RADIUS protocols on an
AT-8400 Series switch? Here are the main points.

❑ First, you need to install TACACS+ or RADIUS server software on
  one or more of your network servers or management stations.
  Authentication protocol server software is not available from
  Allied Telesyn.

❑ The authentication protocol server can be on the same subnet as
  the AT-8400 Series switch or on a different subnet. If the server and
  switch are on different subnets, be sure to specify a default
  gateway in the Administration Menu so that the switch and server
  can communicate with each other.

❑ You need to configure the TACACS+ or RADIUS server software.
  This involves the following:

    ❑ Specifying the user name and password combinations.

    ❑ Assigning each combination an authorization level. This
      differs depending on the server software you are using.
      TACACS+ controls this through the sixteen (0 to 15) different
      levels of the Privilege attribute. A privilege level of “0” gives
      the combination Operator status. Any value from 1 to 15
      gives the combination Manager status.

      For RADIUS, management level is controlled by the Service
      Type attribute. This attribute has 11 different values, of
      which two are functional with an AT-8400 Series switch. A
      value of Administrative for this attribute gives the user
      name and password combination Manager access. A value
      of NAS Prompt assigns the combination Operator status.
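
The following is an added example, not part of the manual or of any Allied Telesyn software: it applies the authorization mapping described above to a constructed user export and reports entries that grant Manager access to users outside an approved list, or that use a Service Type value the switch does not act on. The record format, the user names, the `priv-lvl` attribute spelling and the numeric Service Type codes (taken from RFC 2865: 6 = Administrative, 7 = NAS Prompt) are assumptions.

```python
# Added example: the level mapping is the manual's; the record format is constructed.
# Assumption: numeric Service-Type codes follow RFC 2865 (6 = Administrative, 7 = NAS Prompt).
RADIUS_LEVELS = {6: "Manager", 7: "Operator"}

def tacacs_level(priv_lvl):
    """TACACS+ Privilege attribute: 0 -> Operator, any of 1..15 -> Manager."""
    if not 0 <= priv_lvl <= 15:
        raise ValueError(f"privilege level out of range: {priv_lvl}")
    return "Operator" if priv_lvl == 0 else "Manager"

def radius_level(service_type):
    """RADIUS Service-Type: only two values are functional; others return None."""
    return RADIUS_LEVELS.get(service_type)

def audit(lines, approved_managers):
    """Return (user, finding) pairs for entries that need review."""
    findings = []
    for line in lines:
        protocol, user, attr = line.split()
        name, _, raw = attr.partition("=")
        try:
            value = int(raw)
            level = tacacs_level(value) if protocol == "tacacs+" else radius_level(value)
        except ValueError as exc:
            findings.append((user, f"invalid {name}: {exc}"))
            continue
        if level is None:
            findings.append((user, f"{name}={value} is not functional on the switch"))
        elif level == "Manager" and user not in approved_managers:
            findings.append((user, f"{name}={value} grants Manager but user is not approved"))
    return findings

# Constructed sample export: "<protocol> <user> <attribute>=<value>"
SAMPLE = [
    "tacacs+ alice priv-lvl=15",
    "tacacs+ bob priv-lvl=1",       # level 1 is already Manager on this switch
    "tacacs+ carol priv-lvl=0",
    "radius dave Service-Type=6",
    "radius erin Service-Type=7",
    "radius frank Service-Type=2",  # one of the nine values the switch does not use
    "tacacs+ grace priv-lvl=16",    # outside the 0 to 15 range
]

if __name__ == "__main__":
    for user, finding in audit(SAMPLE, approved_managers={"alice", "dave"}):
        print(f"{user}: {finding}")
```

Because every privilege level from 1 to 15 maps to Manager, the check treats a level of 1 exactly like a level of 15.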