beautypg.com

Allied Telesis AT-S39 User Manual

Page 181

background image

Section II: Local and Telnet Management

181

If the username and password combination is invalid, the authentication
protocol server notifies the switch and the switch cancels the login.

Authorization defines what a manager can do once logged in to a
switch. You assign an authorization level to each username and
password combination that you create on the server software. The
access level will be either Manager or Operator.

The final function of the TACACS+ protocol is accounting, which is used
to keep track of user activity on network devices. The AT-8000 Series
switch does not support this function.

Note
The AT-S39 management software does not support the two earlier
versions of the TACACS+ protocol, TACACS and XTACACS.

So what does it take to use the TACACS+ and RADIUS protocols on an
AT-8000 Series switch? Here are the main points.

❑ First, you need to install TACACS+ or RADIUS server software on

one or more of your network servers or management stations.
Authentication protocol server software is not available from
Allied Telesyn.

❑ The authentication protocol server can be on the same subnet or

a different subnet as the AT-8000 Series switch. If the server and
switch are on different subnets, be sure to specify a default
gateway in the Administration Menu so that the switch and server
can communicate with each other.

❑ You need to configure the TACACS+ or RADIUS server software.

This involves the following:

Specifying the username and password combinations.

Assigning each combination an authorization level. This will
differ depending on the server software you are using.
TACACS+ controls this through the sixteen (0 to 15) different
levels of the Privilege attribute. A privilege level of “0” gives
the combination Operator status., while any value from 1 to
15 gives it Manager status.

For RADIUS, management level is controlled by the Service
Type attribute. This attribute has 11 different values, of
which only two are functional with an AT-8000 Series
switch. A value of Administrative for this attribute gives the
username and password combination Manager access. A
value of NAS Prompt assigns the combination Operator
status.

See also other documents in the category Allied Telesis Computer hardware: