Chapter 12
| Security Measures
AAA (Authentication, Authorization and Accounting)
– 280 –
■
TACACS – User authentication is performed using a TACACS+ server only.
■
[authentication sequence] – User authentication is performed by up to
three authentication methods in the indicated sequence.
Web Interface
To configure the method(s) of controlling management access:
1. Click Security, AAA, System Authentication.
2. Specify the authentication sequence (i.e., one to three methods).
3. Click Apply.
Figure 158: Configuring the Authentication Sequence
Configuring
Remote Logon
Authentication
Servers
Use the Security > AAA > Server page to configure the message exchange
parameters for RADIUS or TACACS+ remote access authentication servers.
Remote Authentication Dial-in User Service (RADIUS) and Terminal Access
Controller Access Control System Plus (TACACS+) are logon authentication
protocols that use software running on a central server to control access to RADIUS-
aware or TACACS-aware devices on the network. An authentication server contains
a database of multiple user name/password pairs with associated privilege levels
for each user that requires management access to the switch.
Figure 159: Authentication Server Operation
RADIUS uses UDP while TACACS+ uses TCP. UDP only offers best effort delivery,
while TCP offers a more reliable connection-oriented transport. Also, note that
Web
Telnet
RADIUS/
TACACS+
server
console
1. Client attempts management access.
2. Switch contacts authentication server.
3. Authentication server challenges client.
4. Client responds with proper password or key.
5. Authentication server approves access.
6. Switch grants management access.
To Next Page
Loading...
