Allied Telesis AT-S63 User Manual

AT-S63 Management Software Features Guide
Section IX: Management Security
Overview
TACACS+ and RADIUS are authentication protocols that can enhance the 
security of your network. In general terms, these authentication protocols 
transfer the task of authenticating network access from a network device 
to an authentication protocol server.
The AT-S62 software comes with TACACS+ and RADIUS client software. 
You can use the client software to add two security features to the switch. 
The first feature, described in this chapter, creates new manager accounts 
for controlling who can log onto a switch to change its parameter settings. 
The second feature is 802.1x Port-based Access Control, explained in 
Chapter 31, “802.1x Port-based Network Access Control” on page 355, 
which controls access to the ports on the switch by the end users and end 
nodes.
This chapter explains the manager accounts feature. The AT-S63 
Management Software has two standard manager login accounts: 
manager and operator. The manager account lets you change a switch’s 
parameter settings while the operator account lets you view the settings, 
but not change them. Each account has its own password. The manager 
account has a default password of “friend” and the operator account has a 
default password of “operator.”
For those networks managed by just one or two network managers, you 
might not need any additional accounts. However, for larger networks 
managed by several network managers, you might want to give each 
manager his or her own management login account for a switch rather 
than have them share an account.
This is where TACACS+ and RADIUS can be useful. TACACS+ is an 
acronym for Terminal Access Controller Access Control System. RADIUS 
is an acronym for Remote Authentication Dial In User Services. These are 
authentication protocols. You can use these protocols to transfer the task of 
validating management access from the AT-9400 Switch to an 
authentication protocol server, and so be able to create your own manager 
accounts.
With these protocols you can create a series of username and password 
combinations that define who can manage the AT-9400 Switch.
There are three basic functions an authentication protocol provides: 
- Authentication
- Authorization
- Accounting