System Management Guide Security
Edition: 01 3HE 11018 AAAC TQZZA 21
3.1.1.2 RADIUS Authentication
Remote Authentication Dial-In User Service (RADIUS) is a client/server security
protocol and software that enables remote access servers to communicate with a
central server to authenticate dial-in users and authorize access to the requested
system or service.
RADIUS allows you to maintain user profiles in a shared central database and
provides better security, allowing a company to set up a policy that can be applied at
a single administered network point.
3.1.1.2.1 RADIUS Server Selection
Up to five RADIUS servers can be configured. They can be selected to authenticate
user requests in two ways, using either the direct method or the round-robin method.
The default method is direct.
Direct
In direct mode, the first server, as defined by the server-index command, is the
primary server. This server is always used first when authenticating a request.
Round-robin
In round-robin mode, the server used to authenticate a request is the next server in
the list, following the last authentication request. For example, if server 1 is used to
authenticate the first request, server 2 is used to authenticate the second request,
and so on.
3.1.1.3 TACACS+ Authentication
Terminal Access Controller Access Control System, commonly referred to as
TACACS, is an authentication protocol that allows a remote access server to forward
a user's login password to an authentication server to determine whether access can
be allowed to a given system. TACACS is an encryption protocol and therefore less
secure than the later Terminal Access Controller Access Control System Plus
(TACACS+) and RADIUS protocols.
To Next Page
Loading...
