Allied Telesis AT-S39 User Manual

AT-S39 User’s Guide

193

The final function of the TACACS+ protocol is accounting, which is used
to keep track of user activity on network devices. The AT-8000 Series
switch does not support this function.

Note
The AT-S39 management software does not support the two earlier
versions of the TACACS+ protocol, TACACS and XTACACS.

So what does it take to use the TACACS+ and RADIUS protocols on an
AT-8000 Series switch? Here are the main points.

❑ First, you need to install TACACS+ or RADIUS server software on

one or more of your network servers or management stations.
Authentication protocol server software is not available from
Allied Telesyn.

❑ The authentication protocol server can be on the same subnet or

a different subnet as the AT-8000 Series switch. If the server and
switch are on different subnets, be sure to specify a default
gateway in the Administration Menu so that the switch and server
can communicate with each other.

❑ You need to configure the TACACS+ or RADIUS server software.

This involves the following:

—

Specifying the username and password combinations.

—

Assigning each combination an authorization level. This will
differ depending on the server software you are using.
TACACS+ controls this through the sixteen (0 to 15) different
levels of the Privilege attribute. A privilege level of “0” gives
the combination Operator status. Any value from 1 to 15
gives the combinationManager status.

For RADIUS, management level is controlled by the Service
Type attribute. This attribute has 11 different values, of
which only two are functional with an AT-8000 Series
switch. A value of Administrative for this attribute gives the
username and password combination Manager access. A
value of NAS Prompt assigns the combination Operator
status.

Note
This manual does not explain how to configure TACACS+ or RADIUS
server software. For that you need to refer to the documentation
that came with the software.