Chapter 56 AAA
GS1920v2 Series User’s Guide
351
Login These fields specify which database the Switch should use (first, second and third) to
authenticate administrator accounts (users for Switch management).
Configure the local user accounts in the SYSTEM > Logins screen. The TACACS+ and RADIUS are
external servers. Before you specify the priority, make sure you have set up the corresponding
database correctly first.
You can specify up to three methods for the Switch to authenticate administrator accounts.
The Switch checks the methods in the order you configure them (first Method 1, then Method 2
and finally Method 3). You must configure the settings in the Method 1 field. If you want the
Switch to check other sources for administrator accounts, specify them in Method 2 and
Method 3 fields.
Select local to have the Switch check the administrator accounts configured in the SYSTEM >
Logins screen.
Select radius to have the Switch check the administrator accounts configured through the
RADIUS Server.
Select tacacs+ to have the Switch check the administrator accounts configured through the
TACACS+ Server.
Authorization
Use this section to configure authorization settings on the Switch.
Type Set whether the Switch provides the following services to a user.
• Exec: Allow an administrator which logs into the Switch through Telnet or SSH to have a
different access privilege level assigned through the external server.
• Dot1x: Allow an IEEE 802.1x client to have different bandwidth limit or VLAN ID assigned
through the external server.
Active Enable the switch button to activate authorization for a specified event type.
Method Select whether you want to use radius or tacacs+ for authorization of specific types of events.
RADIUS is the only method for IEEE 802.1x authorization.
Accounting
Use this section to configure accounting settings on the Switch.
Update
Period
This is the amount of time in minutes before the Switch sends an update to the accounting
server. This is only valid if you select the start-stop option for the Exec or Dot1x entries.
Type The Switch supports the following types of events to be sent to the accounting servers:
• System – Configure the Switch to send information when the following system events occur:
system boots up, system shuts down, system accounting is enabled, system accounting is
disabled.
• Dot1x – Configure the Switch to send information when an IEEE 802.1x client begins a session
(authenticates through the Switch), ends a session as well as interim updates of a session.
Active Enable the switch button to activate accounting for a specified event type.
Broadcast Select this to have the Switch send accounting information to all configured accounting
servers at the same time.
If you do not select this and you have two accounting servers set up, then the Switch sends
information to the first accounting server and if it does not get a response from the accounting
server then it tries the second accounting server.
Table 196 SECURITY > AAA > AAA Setup (continued)
LABEL DESCRIPTION
To Next Page
Loading...
