C
HAPTER
4
| Configuring the Switch
Configuring Security
– 119 –
SPECIFYING
AUTHENTICATION
SERVERS
Use the Authentication Server Configuration page to control management
access based on a list of user names and passwords configured on a
RADIUS or TACACS+ remote access authentication server, and to
authenticate client access for IEEE 802.1X port authentication (see
page 87)
N
OTE
:
This guide assumes that RADIUS and TACACS+ servers have already
been configured to support AAA. The configuration of RADIUS and
TACACS+ server software is beyond the scope of this guide. Refer to the
documentation provided with the RADIUS and TACACS+ server software.
PATH
Advanced Configuration, Security, Network, AAA
PARAMETERS
These parameters are displayed:
Common Server Configuration
◆ Timeout – The time the switch waits for a reply from an authentication
server before it resends the request. (Range: 3-3600 seconds;
Default: 15 seconds)
◆ Dead Time – The time after which the switch considers an
authentication server to be dead if it does not reply.
(Range: 0-3600 seconds; Default: 300 seconds)
Setting the Dead Time to a value greater than 0 (zero) will cause the
authentication server to be ignored until the Dead Time has expired.
However, if only one server is enabled, it will never be considered dead.
RADIUS/TACACS+ Server Configuration
◆ Enabled – Enables the server specified in this entry.
◆ IP Address/Hostname – IP address or IP alias of authentication
server.
◆ Port – Network (UDP) port of authentication server used for
authentication messages. (Range: 1-65535; Default: 0)
If the UDP port is set to 0 (zero), the switch will use 1812 for RADIUS
authentication servers, 1813 for RADIUS accounting servers, or 49 for
TACACS+ authentication servers.
◆ Secret – Encryption key used to authenticate logon access for the
client. (Maximum length: 29 characters)
To set an empty secret, use two quotes (“”). To use spaces in the
secret, enquote the secret. Quotes in the secret are not allowed.
To Next Page
Loading...
