TACACS+ and RADIUS Overview – Allied Telesis AT-S39 User Manual
Section II: Local and Telnet Management
TACACS+ and RADIUS Overview
The AT-S39 software has two standard management login accounts:
Manager and Operator. The Manager account lets you change a switch’s
parameter settings while the Operator account only lets you view the
settings. Each account has its own password. The Manager account has a
default password of “friend” and the Operator account has a default
password of “operator.”
For those networks that are managed by just one or two network
managers, the standard accounts may be all you need. However, for
larger networks managed by several network managers, you might want
to give each manager his or her own management login account rather
than have them share an account.
This is where TACACS+ and RADIUS can be useful. (TACACS+ is an
acronym for Terminal Access Controller Access Control System. RADIUS
is an acronym for Remote Authentication Dial In User Services.) These
are authentication protocols. They can be used to transfer the task of
validating management access from an AT-8000 Series switch to an
authentication protocol server.
With the protocols, you can create a series of username and password
combinations that define who can manage an AT-8000 Series switch.
There are three basic functions an authentication protocol provides:
❑ Authentication
❑ Authorization
❑ Accounting
When a network manager logs in to a switch, the switch passes the
username and password entered by the manager to the authentication
protocol server. The server checks to see if the username and password
are valid for that switch. This is referred to as authentication.
If the combination is valid, the authentication protocol server notifies
the switch and the switch completes the login process, allowing the
manager to manage the switch.
If the username and password combination is invalid, the authentication
protocol server notifies the switch and the switch cancels the login.
Authorization defines what a manager can do once logged in to a
switch. You assign an authorization level to each username and
password combination that you create on the server software. The
access level will be either Manager or Operator.
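The authentication and authorization steps described above, as an added example that is not from the AT-S39 manual or Allied Telesis software. It goes beyond the text by showing how a RADIUS client hides the password with a shared secret (RFC 2865, section 5.2) before sending it; TACACS+ protects its traffic differently. The usernames, passwords, shared secret and function names are constructed for illustration.

```python
import hashlib
import hmac
import os

# Constructed server-side table: username -> (password, access level).
ACCOUNTS = {"alice": (b"c0rrect-horse", "Manager"),
            "bob": (b"view-only-pw", "Operator")}

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Switch side: RFC 2865 section 5.2 User-Password hiding."""
    if not 1 <= len(password) <= 128 or len(authenticator) != 16:
        raise ValueError("password must be 1-128 bytes, authenticator 16 bytes")
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        # Each 16-byte block is XORed with MD5(secret + previous ciphertext).
        prev = _xor(padded[i:i + 16], hashlib.md5(secret + prev).digest())
        out += prev
    return out

def reveal_password(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Server side: undo the hiding with its own copy of the shared secret."""
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        out += _xor(block, hashlib.md5(secret + prev).digest())
        prev = block
    return out.rstrip(b"\x00")

def server_decide(username, hidden, secret, authenticator):
    """Authentication, then authorization: access level, or None to reject."""
    entry = ACCOUNTS.get(username)
    if entry is None:
        return None
    candidate = reveal_password(hidden, secret, authenticator)
    return entry[1] if hmac.compare_digest(candidate, entry[0]) else None

def login(username, password, switch_secret, server_secret):
    """One login attempt as seen by the switch; None means login cancelled."""
    authenticator = os.urandom(16)  # fresh random value per request
    hidden = hide_password(password, switch_secret, authenticator)
    return server_decide(username, hidden, server_secret, authenticator)

if __name__ == "__main__":
    s = b"constructed-shared-secret"
    print(login("alice", b"c0rrect-horse", s, s))   # Manager
    print(login("bob", b"wrong", s, s))             # None
```

If the secret configured on the switch differs from the one on the server, the server recovers garbage and every login is rejected, which is a common cause of failed logins after a server change.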