C
HAPTER
13
| Security Measures
AAA Authorization and Accounting
– 248 –
WEB INTERFACE
To configure the method(s) of controlling management access:
1. Click Security, AAA, System Authentication.
2. Specify the authentication sequence (i.e., one to three methods).
3. Click Apply.
Figure 118: Configuring the Authentication Sequence
CONFIGURING REMOTE
LOGON
AUTHENTICATION
SERVERS
Use the Security > AAA > Server page to configure the message exchange
parameters for RADIUS or TACACS+ remote access authentication servers.
Remote Authentication Dial-in User Service (RADIUS) and Terminal Access
Controller Access Control System Plus (TACACS+) are logon authentication
protocols that use software running on a central server to control access to
RADIUS-aware or TACACS-aware devices on the network. An
authentication server contains a database of multiple user name/password
pairs with associated privilege levels for each user that requires
management access to the switch.
Figure 119: Authentication Server Operation
RADIUS uses UDP while TACACS+ uses TCP. UDP only offers best effort
delivery, while TCP offers a connection-oriented transport. Also, note that
RADIUS encrypts only the password in the access-request packet from the
client to the server, while TACACS+ encrypts the entire body of the packet.
CLI REFERENCES
â—† "RADIUS Client" on page 662
â—† "TACACS+ Client" on page 666
â—† "AAA" on page 669
Web
Telnet
RADIUS/
TACACS+
server
console
1. Client attempts management access.
2. Switch contacts authentication server.
3. Authentication server challenges client.
4. Client responds with proper password or key.
5. Authentication server approves access.
6. Switch grants management access.
To Next Page
Loading...
Need help?
General
