ZyXEL Communications MES3500-24 User Manual
Chapter 25 AAA
MES3500-24/24F User’s Guide
202
25.1.2 RADIUS and TACACS+
RADIUS and TACACS+ are security protocols used to authenticate users by means of an external
server instead of (or in addition to) an internal device user database that is limited to the memory
capacity of the device. In essence, RADIUS and TACACS+ authentication both allow you to validate
an unlimited number of users from a central location.
server instead of (or in addition to) an internal device user database that is limited to the memory
capacity of the device. In essence, RADIUS and TACACS+ authentication both allow you to validate
an unlimited number of users from a central location.
The following table describes some key differences between RADIUS and TACACS+.
25.2 AAA Screens
The AAA screens allow you to enable authentication, authorization, accounting or all of them on the
Switch. First, configure your authentication and accounting server settings (RADIUS, TACACS+ or
both) and then set up the authentication priority, activate authorization and configure accounting
settings.
Switch. First, configure your authentication and accounting server settings (RADIUS, TACACS+ or
both) and then set up the authentication priority, activate authorization and configure accounting
settings.
Click Advanced Application > AAA in the navigation panel to display the screen as shown.
Figure 106
Advanced Application > AAA
25.2.1 RADIUS Server Setup
Use this screen to configure your RADIUS server settings. See
for more
for RADIUS attributes utilized by the
Table 66
RADIUS vs TACACS+
RADIUS
TACACS+
Transport
Protocol
Protocol
UDP (User Datagram Protocol)
TCP (Transmission Control Protocol)
Encryption
Encrypts the password sent for
authentication.
authentication.
All communication between the client (the
Switch) and the TACACS server is
encrypted.
Switch) and the TACACS server is
encrypted.