CHAPTER 4 | Configuring the Switch
Configuring Authentication for Management Access and 802.1X
◆ When using RADIUS or TACACS+ logon authentication, the user name
and password must be configured on the authentication server. The
encryption methods used for the authentication process must also be
configured or negotiated between the authentication server and logon
client. This switch can pass authentication messages between the
server and client that have been encrypted using MD5 (Message-Digest
5), TLS (Transport Layer Security), or TTLS (Tunneled Transport Layer
Security).
NOTE: This guide assumes that RADIUS and TACACS+ servers have already
been configured to support AAA. The configuration of RADIUS and
TACACS+ server software is beyond the scope of this guide. Refer to the
documentation provided with the RADIUS and TACACS+ server software.
PARAMETERS
The following parameters are displayed on the Authentication Configuration
page:
Client Configuration
◆ Client – Specifies how the administrator is authenticated when logging
into the switch via Telnet, SSH, a web browser, or the console interface.
◆ Authentication Method – Selects the authentication method.
(Options: None, Local, RADIUS, TACACS+; Default: Local)
Selecting the option “None” disables access through the specified
management interface.
◆ Fallback – Uses the local user database for authentication if none of
the configured authentication servers are alive. This is only possible if
the Authentication Method is set to something other than “None” or
“Local.”
Common Server Configuration
◆ Timeout – The time the switch waits for a reply from an authentication
server before it resends the request. (Range: 3-3600 seconds;
Default: 15 seconds)
◆ Dead Time – The time after which the switch considers an
authentication server to be dead if it does not reply.
(Range: 0-3600 seconds; Default: 300 seconds)
Setting the Dead Time to a value greater than 0 (zero) will cause the
authentication server to be ignored until the Dead Time has expired.
However, if only one server is enabled, it will never be considered dead.
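The interaction of Fallback and Dead Time described above can be modelled in Python. This is an added example, not the switch firmware or vendor code; the class and server names are hypothetical, and it assumes that servers are tried in their configured order and that a login for which no tried server replies counts as "no server alive".

```python
class AuthServerPool:
    """Simplified model of the Authentication Method, Fallback and Dead Time rules."""

    def __init__(self, servers, method="RADIUS", fallback=False, dead_time=300):
        self.servers = list(servers)   # enabled servers (assumed: tried in this order)
        self.method = method           # "None", "Local", "RADIUS" or "TACACS+"
        self.fallback = fallback
        self.dead_time = dead_time     # seconds; 0 means servers are never ignored
        self.dead_until = {}           # server name -> time it may be tried again

    def alive(self, now):
        # A lone enabled server is never considered dead.
        if len(self.servers) == 1 or self.dead_time == 0:
            return list(self.servers)
        return [s for s in self.servers if self.dead_until.get(s, 0) <= now]

    def decide(self, now, replying):
        """Return (source, detail) for a login at time `now` (seconds).

        `replying` is the set of servers that answer within the Timeout.
        """
        if self.method == "None":
            return ("denied", "management interface disabled")
        if self.method == "Local":
            return ("local", "local user database")
        for server in self.alive(now):
            if server in replying:
                return ("server", server)
            self.dead_until[server] = now + self.dead_time  # ignore until expiry
        if self.fallback:
            return ("local", "fallback: no server alive")
        return ("denied", "no server alive")


if __name__ == "__main__":
    # Constructed timeline: both servers silent at t=0, radius1 back from t=100.
    pool = AuthServerPool(["radius1", "radius2"], fallback=True)
    for t, up in [(0, set()), (100, {"radius1"}), (300, {"radius1"})]:
        print(t, pool.decide(t, up))
```

Under these assumptions, a login at t=100 is still decided by the local user database although a server is answering again, because both servers remain ignored until the 300-second Dead Time expires. While Fallback is enabled, the local accounts therefore need the same credential hygiene as the accounts held on the authentication server.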
RADIUS/TACACS+ Server Configuration
◆ Enabled – Enables the server specified in this entry.