Configuring the Switch (page 2-12)
CLI – Assign a user name to access level 15 (i.e., administrator), then specify the password. The 0 in the password command indicates that the password is entered in plain text.
Configuring RADIUS/TACACS Logon Authentication
You can configure this switch to authenticate users logging in for management access using local, RADIUS, or TACACS+ authentication. RADIUS and TACACS+ are logon authentication protocols that use software running on a central server to control access to RADIUS-aware or TACACS+-aware devices on the network. The authentication server holds a database of user name/password pairs, each with an associated privilege level, for every user that requires management access to a switch.
Like RADIUS, Terminal Access Controller Access Control System Plus (TACACS+) uses a central server to control authentication for access to switches on the network.
Command Usage
• By default, management access is always checked against the authentication
database stored on the local switch. If a remote authentication server is used, you
must specify the authentication sequence and the corresponding parameters for
the remote authentication protocol.
• RADIUS uses UDP, while TACACS+ uses TCP. UDP offers only best-effort delivery, while TCP provides a connection-oriented transport. Also note that RADIUS hides only the password (the User-Password attribute of the Access-Request packet, obscured with an MD5-based XOR keyed by the shared secret); the user name and all other attributes travel in cleartext. TACACS+ obscures the entire packet body. Neither scheme is strong encryption by current standards, since both depend solely on the shared secret, so keep the traffic between the switch and the authentication server on a protected management network.
• RADIUS and TACACS+ logon authentication control management access via the
console port, Web browser, or Telnet. These access options must be configured
on the authentication server.
• RADIUS and TACACS+ logon authentication assign a specific privilege level for
each user name/password pair. The user name, password, and privilege level
must be configured on the authentication server.
• You can specify up to three authentication methods for any user to indicate the authentication sequence. For example, if you select (1) RADIUS, (2) TACACS+ and (3) Local, the user name and password are verified against the RADIUS server first. If the RADIUS server cannot be reached, authentication is attempted using the TACACS+ server, and finally the local user name and password are checked. Keep the local database current, since it is the last resort when every remote server is unreachable.
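The following Python example illustrates the difference in wire protection noted above (RADIUS hides only the User-Password attribute, TACACS+ obscures the whole packet body). It is an added example written for this page, not code from the switch vendor or from any RADIUS/TACACS+ implementation. It implements the password-hiding scheme of RFC 2865 section 5.2 and the body pseudo-pad of RFC 8907 section 4.5 directly on top of hashlib; the shared secret, user name, password, Request Authenticator and TACACS+ session ID are constructed values, and the function names are this example's own.

```python
"""Compare how RADIUS and TACACS+ protect a login on the wire.

RADIUS (RFC 2865 section 5.2) hides only the User-Password attribute; the
User-Name and every other attribute are sent in cleartext.  TACACS+
(RFC 8907 section 4.5) XORs the entire packet body with an MD5-derived
pseudo-pad.  Both schemes are keyed only by the shared secret and neither
is authenticated encryption, so the management network still needs protection.
"""
import hashlib
import os

# Constructed value for this example; a real deployment uses a long random secret.
SHARED_SECRET = b"example-shared-secret"


def radius_hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """RFC 2865 User-Password hiding: pad to 16-byte blocks, then XOR each block
    with MD5(secret + previous block), seeded with the Request Authenticator."""
    if len(authenticator) != 16:
        raise ValueError("Request Authenticator must be 16 bytes")
    if not 1 <= len(password) <= 128:
        raise ValueError("RADIUS passwords are 1..128 bytes")
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = bytearray(), authenticator
    for i in range(0, len(padded), 16):
        b = hashlib.md5(secret + prev).digest()
        block = bytes(x ^ y for x, y in zip(padded[i:i + 16], b))
        out += block
        prev = block          # chaining uses the ciphertext block
    return bytes(out)


def radius_unhide_password(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Inverse of radius_hide_password; strips the NUL padding."""
    if len(hidden) % 16:
        raise ValueError("hidden password must be a multiple of 16 bytes")
    out, prev = bytearray(), authenticator
    for i in range(0, len(hidden), 16):
        b = hashlib.md5(secret + prev).digest()
        block = hidden[i:i + 16]
        out += bytes(x ^ y for x, y in zip(block, b))
        prev = block
    return bytes(out).rstrip(b"\x00")


def radius_attribute(attr_type: int, value: bytes) -> bytes:
    """Encode one RADIUS attribute as Type, Length, Value (Length counts the header)."""
    if len(value) > 253:
        raise ValueError("attribute value too long")
    return bytes([attr_type, len(value) + 2]) + value


def radius_access_request_attrs(username: bytes, password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Attributes of an Access-Request: User-Name (1) in cleartext, User-Password (2) hidden."""
    return radius_attribute(1, username) + radius_attribute(2, radius_hide_password(password, secret, authenticator))


def tacacs_pseudo_pad(length: int, session_id: int, key: bytes, version: int, seq_no: int) -> bytes:
    """RFC 8907 pseudo-pad: MD5(session_id, key, version, seq_no [, previous digest]) chained."""
    pad, prev = b"", b""
    header = session_id.to_bytes(4, "big") + key + bytes([version, seq_no])
    while len(pad) < length:
        prev = hashlib.md5(header + prev).digest()
        pad += prev
    return pad[:length]


def tacacs_obfuscate(body: bytes, session_id: int, key: bytes, version: int = 0xC0, seq_no: int = 1) -> bytes:
    """XOR the whole body with the pseudo-pad; the same call reverses it.
    0xC0 is major version 0xC, minor version 0."""
    pad = tacacs_pseudo_pad(len(body), session_id, key, version, seq_no)
    return bytes(x ^ y for x, y in zip(body, pad))


def tacacs_authen_start_body(username: bytes, password: bytes, port: bytes = b"console", rem_addr: bytes = b"") -> bytes:
    """Authentication START body for a PAP login (password carried in the data field)."""
    header = bytes([
        1,              # action = TAC_PLUS_AUTHEN_LOGIN
        15,             # priv_lvl requested (administrator)
        2,              # authen_type = TAC_PLUS_AUTHEN_TYPE_PAP
        1,              # authen_service = TAC_PLUS_AUTHEN_SVC_LOGIN
        len(username), len(port), len(rem_addr), len(password),
    ])
    return header + username + port + rem_addr + password


def exposure(username: bytes, password: bytes, secret: bytes, authenticator: bytes, session_id: int) -> dict:
    """Report which credential fields are visible verbatim in each protocol's packet."""
    radius = radius_access_request_attrs(username, password, secret, authenticator)
    tacacs = tacacs_obfuscate(tacacs_authen_start_body(username, password), session_id, secret)
    return {
        "radius_username_cleartext": username in radius,
        "radius_password_cleartext": password in radius,
        "tacacs_username_cleartext": username in tacacs,
        "tacacs_password_cleartext": password in tacacs,
    }


if __name__ == "__main__":
    # Constructed login; the authenticator and session ID are random per request in practice.
    report = exposure(b"bob", b"smith", SHARED_SECRET, os.urandom(16), int.from_bytes(os.urandom(4), "big"))
    for field, visible in report.items():
        print(f"{field}: {'VISIBLE' if visible else 'hidden'}")
```

A packet capture of the RADIUS exchange therefore reveals every administrator's user name even though the password itself is not readable, and an attacker who learns the shared secret can recover both protocols' passwords offline; this is why the secret should be long and unique per switch and why the server link belongs on an isolated management VLAN.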
Command Attributes
• Authentication – Select the authentication, or authentication sequence required:
- RADIUS – User authentication is performed using a RADIUS server only.
Console(config)#username bob access-level 15    (see page 3-21)
Console(config)#username bob password 0 smith
Console(config)#