Allied Telesis AT-9000/52 User Manual

Chapter 15: Setting RADIUS and TACACS+ Clients
Overview
The switch has RADIUS and TACACS+ clients for remote authentication. 
Here are the features that use remote authentication:
- 802.1x port-based network access control. This feature lets you increase network security by requiring that network users log on with user names and passwords before the switch will forward their packets. This feature is described in Chapter 16, “Setting 802.1x Port-based Network Access” on page 175.
- Remote manager accounts. This feature lets you add manager accounts to the switch by transferring the task of authenticating the accounts from the switch to an authentication server on your network. This feature is described in “Managing User Accounts” on page 45.
The RADIUS client supports both features, but the TACACS+ client 
supports only the remote manager accounts feature. Here are the 
guidelines:
- Only one client can be active on the switch at a time.
- If you want to use just the remote manager account feature, you can use either RADIUS or TACACS+ because both clients support that feature.
- If you want to use 802.1x port-based network access control, you have to use the RADIUS client because the TACACS+ client does not support that feature.
Remote Manager Accounts
The switch comes with one local manager account. The account is 
referred to as a local account because the switch authenticates the user 
name and password when a manager uses the account to log on. If the 
user name and password are valid, the switch allows the individual to 
access its management software. Otherwise, it cancels the login to 
prevent unauthorized access.
There are two ways to add more manager accounts. The first way is to create additional local accounts. This is explained in the following chapters in the AlliedWare Plus Management Software Command Line Interface User’s Guide:
- Chapter 66: Local Manager Accounts
- Chapter 67: Local Manager Account Commands
The second way to add more accounts is with a RADIUS or TACACS+ 
authentication server on your network. With either authentication method, 
the authentication of the user names and passwords of the manager 
accounts is performed by one or more authentication servers. The switch