Chapter 26 AAA
OLT2406 User’s Guide
215
Local User Accounts
By storing user profiles locally on the OLT, your OLT is able to authenticate and authorize users without
interacting with a network AAA server. However, there is a limit on the number of users you may
authenticate in this way (See Section 44.4 on page 358).
RADIUS and TACACS+
RADIUS and TACACS+ are security protocols used to authenticate users by means of an external server
instead of (or in addition to) an internal device user database that is limited to the memory capacity of
the device. In essence, RADIUS and TACACS+ authentication both allow you to validate an unlimited
number of users from a central location.
The following table describes some key differences between RADIUS and TACACS+.
26.2 AAA Screens
The AAA screens allow you to enable authentication and authorization or both of them on the OLT. First,
configure your authentication server settings (RADIUS) and then set up the authentication priority,
activate authorization.
Click Advanced Application > AAA in the navigation panel to display the screen as shown.
Figure 129 Advanced Application > AAA
26.3 RADIUS Server Setup
Use this screen to configure your RADIUS server settings. See RADIUS and TACACS+ on page 215 for more
information on RADIUS servers and Section 26.6.2 on page 222 for RADIUS attributes utilized by the
authentication features on the OLT. Click on the RADIUS Server Setup link in the AAA screen to view the
screen as shown.
Table 75 RADIUS vs. TACACS+
RADIUS TACACS+
Transport
Protocol
UDP (User Datagram Protocol) TCP (Transmission Control Protocol)
Encryption Encrypts the password sent for
authentication.
All communication between the client (the OLT) and
the TACACS server is encrypted.
To Next Page
Loading...
