DES-3550 Layer 2 Fast Ethernet Switch User’s Guide
117
User Account Management
Add/Update/Delete User Accounts
Yes No
View User Accounts Yes No
Admin and User Privileges
After establishing a User Account with Admin-level privileges, be sure to save the changes by
opening the Maintenance folder, opening the Save Changes window and clicking the Save
Configuration button.
Access Authentication Control
The TACACS / XTACACS / TACACS+ commands let you secure access to the Switch using
the TACACS / XTACACS / TACACS+ protocols. When a user logs in to the Switch or tries
to access the administrator level privelege, he or she is prompted for a password. If TACACS
/ XTACACS / TACACS+ authentication is enabled on the Switch, it will contact a TACACS /
XTACACS / TACACS+ server to verify the user. If the user is verified, he or she is granted
access to the Switch.
There are currently three versions of the TACACS security protocol, each a separate entity.
The Switch’s software supports the following versions of TACACS:
•
TACACS (Terminal Access Controller Access Control System) — Provides
password checking and authentication, and notification of user actions for security purposes
utilizing via one or more centralized TACACS servers, utilizing the UDP protocol for packet
transmission.
• Extended TACACS (XTACACS) — An extension of the TACACS protocol with
the ability to provide more types of authentication requests and more types of response codes
than TACACS. This protocol also uses UDP to transmit packets.
•
TACACS+ (Terminal Access Controller Access Control System plus) — Provides
detailed access control for authentication for network devices. TACACS+ is facilitated
through Authentication commands via one or more centralized servers. The TACACS+
protocol encrypts all traffic between the Switch and the TACACS+ daemon, using the TCP
protocol to ensure reliable delivery.
In order for the TACACS / XTACACS / TACACS+ security function to work properly, a
TACACS / XTACACS / TACACS+ server must be configured on a device other than the
Switch, called an Authentication Server Host, and it must include usernames and passwords
for authentication. When the user is prompted by the Switch to enter usernames and
passwords for authentication, the Switch contacts the TACACS / XTACACS / TACACS+
server to verify, and the server will respond with one of three messages:
• The server verifies the username and password, and the user is granted normal user
privileges on the Switch.
• The server will not accept the username and password and the user is denied access to
the Switch.
• The server does not respond to the verification query. At this point, the Switch receives
the timeout from the server and then moves to the next method of verification configured
in the method list.
The Switch has three built-in Authentication Server Groups, one for each of the TACACS,
XTACACS, and TACACS+ protocols. These built-in Authentication Server Groups are used
to authenticate users trying to access the Switch. The users will set Authentication Server
To Next Page
Loading...
