User's manual
Asanté IntraCore 36000 Series
6.2.1 Usage Guidelines
By default, management access is always checked against the authentication database stored on the local
switch. If a remote authentication server is used, you must specify the authentication sequence and the
corresponding parameters for the remote authentication protocol. Local and remote logon authentication
control management access via the console port, web browser, or Telnet.
RADIUS and TACACS+ logon authentication assign a specific privilege level for each user name/password
pair. The user name, password, and privilege level must be configured on the authentication server.
You can specify up to three authentication methods for any user to indicate the authentication sequence. For
example, if you select (1) RADIUS, (2) TACACS and (3) Local, the user name and password are verified on the
RADIUS server first. If the RADIUS server is not available, then authentication is attempted using the
TACACS+ server, and finally the local user name and password are checked.
6.2.2 Command Attributes
Authentication – Select the authentication method, or the authentication sequence, required:
Local – User authentication is performed only locally by the switch.
Radius – User authentication is performed using a RADIUS server only.
TACACS – User authentication is performed using a TACACS+ server only.
[authentication sequence] – User authentication is performed by up to three authentication methods in the
indicated sequence.
6.2.3 RADIUS Settings
Server IP Address – Address of authentication server. (Default: 0.0.0.0)
Server Port Number – Network (UDP) port of authentication server used for authentication messages.
(Range: 1-65535; Default: 1812)
Secret Text String – Encryption key used to authenticate logon access for the client. Do not use blank spaces
in the string. (Maximum length: 20 characters)
Number of Server Transmits – Number of times the switch tries to authenticate logon access via the
authentication server. (Range: 1-30; Default: 2)
Timeout for a reply – The number of seconds the switch waits for a reply from the RADIUS server before it
resends the request. (Range: 1-65535; Default: 5)
6.2.4 TACACS Settings
Server IP Address – Address of the TACACS+ server. (Default: 0.0.0.0)
Server Port Number – Network (TCP) port of TACACS+ server used for authentication messages. (Range:
1-65535; Default: 49)
Secret Text String – Encryption key used to authenticate logon access for the client. Do not use blank spaces
in the string. (Maximum length: 20 characters)
Note: The local switch user database has to be set up by manually entering user names and passwords
using the CLI. (See the username command in Chapter 16.)
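The following is an added example, not part of the Asanté manual or firmware: a Python pre-deployment check that tests a planned authentication setup against the ranges and defaults listed in 6.2.2 to 6.2.4, and estimates how long a logon can stall on an unreachable RADIUS server before the switch moves to the next method. The function name, the dictionary keys, the sample addresses and secrets, and the transmits-times-timeout estimate are assumptions made for illustration.

```python
import ipaddress

# Defaults and ranges are the ones listed in sections 6.2.3 and 6.2.4.
DEFAULTS = {"radius": {"ip": "0.0.0.0", "port": 1812, "transmits": 2, "timeout": 5},
            "tacacs": {"ip": "0.0.0.0", "port": 49}}

def check_plan(sequence, radius=None, tacacs=None):
    """Return (problems, worst-case seconds spent waiting on RADIUS)."""
    problems = []
    if not 1 <= len(sequence) <= 3:
        problems.append("sequence must list one to three methods")
    if len(set(sequence)) != len(sequence):
        problems.append("a method appears twice")  # assumption: treated as an error
    for method in sequence:
        if method not in ("radius", "tacacs", "local"):
            problems.append(f"unknown method: {method}")
    plan = {"radius": {**DEFAULTS["radius"], **(radius or {})},
            "tacacs": {**DEFAULTS["tacacs"], **(tacacs or {})}}
    for name, cfg in plan.items():
        if name not in sequence:
            continue
        try:
            unset = ipaddress.ip_address(cfg["ip"]).is_unspecified
        except ValueError:
            unset = True
        if unset:
            problems.append(f"{name}: server IP is invalid or still 0.0.0.0")
        if not 1 <= cfg["port"] <= 65535:
            problems.append(f"{name}: port outside 1-65535")
        secret = cfg.get("secret", "")
        # An empty secret is rejected here as an assumption; the manual only
        # gives the 20-character maximum and the no-blank-spaces rule.
        if not secret or len(secret) > 20 or " " in secret:
            problems.append(f"{name}: secret must be 1-20 characters, no spaces")
    wait = 0
    if "radius" in sequence:
        r = plan["radius"]
        if not 1 <= r["transmits"] <= 30:
            problems.append("radius: transmits outside 1-30")
        if not 1 <= r["timeout"] <= 65535:
            problems.append("radius: timeout outside 1-65535")
        # Approximation: every attempt waits the full timeout before fallback.
        wait = r["transmits"] * r["timeout"]
    return problems, wait

if __name__ == "__main__":
    # Constructed sample plan; addresses and secrets are placeholders.
    print(check_plan(["radius", "tacacs", "local"],
                     radius={"ip": "192.0.2.10", "secret": "Constructed-Key-01"},
                     tacacs={"ip": "192.0.2.11", "secret": "Constructed-Key-02"}))
```

With the default 2 transmits and 5-second timeout the estimate is 10 seconds; values near the top of the permitted ranges can delay fallback to the next method for a very long time.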