DES-3550 Layer 2 Fast Ethernet Switch User’s Guide
118
Hosts in a preferable order in the built-in Authentication Server Groups and when a user tries
to gain access to the Switch, the Switch will ask the first Authentication Server Hosts for
authentication. If no authentication is made, the second server host in the list will be queried,
and so on. The built-in Authentication Server Groups can only have hosts that are running the
specified protocol. For example, the TACACS Authentication Server Groups can only have
TACACS Authentication Server Hosts.
The administrator for the Switch may set up five different authentication techniques per user-
defined method list (TACACS / XTACACS / TACACS+ / local / none) for authentication.
These techniques will be listed in a preferred order, and defined by the user for normal user
authentication on the Switch, and may contain up to eight authentication techniques. When a
user attempts to access the Switch, the Switch will select the first technique listed for
authentication. If the first technique goes through its Authentication Server Hosts and no
authentication is returned, the Switch will then go to the next technique listed in the server
group for authentication, until the authentication has been verified or denied, or the list is
exhausted.
Please note that users granted access to the Switch will be granted normal user privileges on
the Switch. To gain access to administrator level privileges, the user must access the Enable
Admin
window and then enter a previously configured password, set by the administrator of
the Switch.
Policy & Parameters
This command will enable an administrator-defined authentication policy for users trying to
access the Switch. When enabled, the device will check the Login Method List and choose a
technique for user authentication upon login.
To access the following window, click Management > Access Authentication Control >
Policy & Parameters:
Figure 7- 5. Policy & Parameters Settings window
The following parameters can be set:
Parameters Description
Authentication Policy
Use the pull down menu to enable or disable the Authentication
Policy on the Switch.
Response Timeout(1-255)
This field will set the time the Switch will wait for a response of
authentication from the user. The user may set a time between 1
and 255 seconds. The default setting is 30 seconds.
User Attempts(1-255)
This command will configure the maximum number of times the
NOTE:
TACACS, XTACACS, and TACACS+ are separate entities and are
not compatible. The Switch and the server must be configured exactly the
same, using the same protocol. (For example, if the Switch is set up for
TACACS authentication, so must the host server.)
To Next Page
Loading...
