TACACS+ and RADIUS Overview – Allied Telesis AT-S39 User Manual
Page 180
AT-S39 User’s Guide
TACACS+ and RADIUS Overview
The AT-S39 software has two standard management login accounts:
Manager and Operator. The Manager account lets you change a switch’s
parameter settings while the Operator account only lets you view the
settings. Each account has its own password. The Manager account has a
default password of “admin” and the Operator account has a default
password of “friend.”
For those networks that are managed by just one or two network
managers, the standard accounts may be all you need. However, for
larger networks managed by several network managers, you might want
to give each manager his or her own management login account rather
than have them share an account.
This is where TACACS+ and RADIUS can be useful. (TACACS+ is an
acronym for Terminal Access Controller Access Control System. RADIUS
is an acronym for Remote Authentication Dial-In User Service.) These
are authentication protocols. They can be used to transfer the task of
validating management access from an AT-8000 Series switch to an
authentication protocol server.
With the protocols, you can create a series of username and password
combinations that define who can manage an AT-8000 Series switch.
Note
The authentication protocols cannot be used to control the flow of
data packets through the switch. They can only control who can and
cannot log on to the device to manage it. If you want to control the
flow of data packets, refer to Chapter 15, Port Security on page 70.
There are three basic functions an authentication protocol provides:
❑ Authentication
❑ Authorization
❑ Accounting
When a network manager logs in to a switch, the switch passes the
username and password entered by the manager to the authentication
protocol server. The server checks to see if the username and password
are valid for that switch. This is referred to as authentication.
If the combination is valid, the authentication protocol server notifies
the switch and the switch completes the login process, allowing the
manager to manage the switch.
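The authentication exchange described above, shown for the RADIUS case as an added example (it is not code from the manual or from the AT-S39 software). It follows the RFC 2865 packet layout and User-Password hiding; the shared secret, user table and function names are constructed for illustration.

```python
import hashlib, hmac, os, struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3   # RFC 2865 packet codes
USER_NAME, USER_PASSWORD = 1, 2                          # RFC 2865 attribute types
SECRET = b"constructed-shared-secret"                    # constructed sample value
USERS = {"alice": "correct horse battery"}               # constructed server-side user table

def hide(data, secret, req_auth, decrypt=False):
    """RFC 2865 5.2 User-Password hiding: XOR 16-byte blocks with an MD5 keystream."""
    if not decrypt:                                      # pad with NULs to a multiple of 16
        data = data.ljust(max(16, -(-len(data) // 16) * 16), b"\x00")
    out, prev = b"", req_auth
    for i in range(0, len(data), 16):
        block = data[i:i + 16]
        key = hashlib.md5(secret + prev).digest()
        xored = bytes(a ^ b for a, b in zip(block, key))
        out += xored
        prev = block if decrypt else xored               # chain on the ciphertext block
    return out.rstrip(b"\x00") if decrypt else out

def attr(kind, value):
    return bytes([kind, len(value) + 2]) + value         # type, length, value

def build_access_request(ident, user, password, secret):
    """What the switch sends after the manager types a username and password."""
    req_auth = os.urandom(16)                            # fresh Request Authenticator
    attrs = attr(USER_NAME, user.encode()) + attr(
        USER_PASSWORD, hide(password.encode(), secret, req_auth))
    return struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs)) + req_auth + attrs

def server_reply(packet, secret, users):
    """Server side: recover the password, check the user table, sign the verdict."""
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if code != ACCESS_REQUEST or length != len(packet):
        raise ValueError("not a well-formed Access-Request")
    req_auth, buf, attrs = packet[4:20], packet[20:], {}
    while buf:                                           # walk the TLV attributes
        if len(buf) < 2 or not 2 <= buf[1] <= len(buf):
            raise ValueError("malformed attribute")
        attrs[buf[0]], buf = buf[2:buf[1]], buf[buf[1]:]
    user = attrs.get(USER_NAME, b"").decode(errors="replace")
    password = hide(attrs.get(USER_PASSWORD, b""), secret, req_auth, decrypt=True)
    ok = user in users and hmac.compare_digest(password, users[user].encode())
    header = struct.pack("!BBH", ACCESS_ACCEPT if ok else ACCESS_REJECT, ident, 20)
    return header + hashlib.md5(header + req_auth + secret).digest()

def switch_accepts(reply, request, secret):
    """Switch side: complete the login only on an authentic Access-Accept."""
    expected = hashlib.md5(reply[:4] + request[4:20] + reply[20:] + secret).digest()
    return hmac.compare_digest(expected, reply[4:20]) and reply[:2] == bytes([ACCESS_ACCEPT, request[1]])
```

The password is protected in transit only by the MD5 keystream derived from the shared secret, so the secret configured on the switch and the server should be long and random.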