Chapter 26 AAA
XGS4600 Series User’s Guide
289
The following table describes the labels in this screen.
Table 116 Advanced Application > AAA > AAA Setup
LABEL DESCRIPTION
Authentication Use this section to specify the methods used to authenticate users accessing the Switch.
Privilege Enable These fields specify which database the Switch should use (first, second and third) to
authenticate access privilege level for administrator accounts (users for Switch management).
Configure the access privilege of accounts through commands (see the Ethernet Switch CLI
Reference Guide) for local authentication. The TACACS+ and RADIUS are external servers.
Before you specify the priority, make sure you have set up the corresponding database
correctly first.
You can specify up to three methods for the Switch to authenticate the access privilege level
of administrators. The Switch checks the methods in the order you configure them (first Method
1, then Method 2 and finally Method 3). You must configure the settings in the Method 1 field. If
you want the Switch to check other sources for access privilege level specify them in Method 2
and Method 3 fields.
Select local to have the Switch check the access privilege configured for local authentication.
Select radius or tacacs+ to have the Switch check the access privilege through the external
servers.
Login These fields specify which database the Switch should use (first, second and third) to
authenticate administrator accounts (users for Switch management).
Configure the local user accounts in the Access Control > Logins screen. The TACACS+ and
RADIUS are external servers. Before you specify the priority, make sure you have set up the
corresponding database correctly first.
You can specify up to three methods for the Switch to authenticate administrator accounts.
The Switch checks the methods in the order you configure them (first Method 1, then Method 2
and finally Method 3). You must configure the settings in the Method 1 field. If you want the
Switch to check other sources for administrator accounts, specify them in Method 2 and
Method 3 fields.
Select local to have the Switch check the administrator accounts configured in the Access
Control > Logins screen.
Select radius to have the Switch check the administrator accounts configured through the
RADIUS Server.
Select tacacs+ to have the Switch check the administrator accounts configured through the
TACACS+ Server.
Authorization Use this section to configure authorization settings on the Switch.
Type Set whether the Switch provides the following services to a user.
• Exec: Allow an administrator which logs into the Switch through Telnet or SSH to have a
different access privilege level assigned through the external server.
• Dot1x: Allow an IEEE 802.1x client to have different bandwidth limit or VLAN ID assigned
through the external server.
Active Select this to activate authorization for a specified event type.
Console Select this to allow an administrator which logs in the Switch through the console port to have
different access privilege level assigned through the external server.
Method Select whether you want to use RADIUS or TACACS+ for authorization of specific types of
events.
RADIUS is the only method for IEEE 802.1x authorization.
Accounting Use this section to configure accounting settings on the Switch.
Update Period This is the amount of time in minutes before the Switch sends an update to the accounting
server. This is only valid if you select the start-stop option for the Exec or Dot1x entries.
To Next Page
Loading...
