S
ECURITY
2-15
CLI – Assign a user name to access-level 15 (i.e., administrator), then
specify the password.
Configuring RADIUS/TACACS Logon Authentication
You can configure this switch to authenticate users logging into the system
for management access using local, RADIUS, or TACACS+ authentication
methods.
RADIUS and TACACS+ are logon authentication protocols that use
software running on a central server to control access to RADIUS-aware
or TACACS+-aware devices on the network. An authentication server
contains a database of multiple user name, password pairs with associated
privilege levels for each user that requires management access to a switch.
Like RADIUS, Terminal Access Controller Access Control System Plus
(TACACS+) is a system that uses a central server to control authentication
for access to switches on the network.
RADIUS uses UDP while TACACS+ uses TCP. UDP only offers best
effort delivery, while TCP offers a connection-oriented transport. Also,
note that RADIUS encrypts only the password in the access-request
packet from the client to the server, while TACACS+ encrypts the entire
body of the packet.
Command Usage
• By default, management access is always checked against the
authentication database stored on the local switch. If a remote
authentication server is used, you must specify the authentication
sequence and the corresponding parameters for the remote
authentication protocol.
Console(config)#username bob access-level 15 3-27
Console(config)#username bob password 0 smith
Console(config)#
To Next Page
Loading...
