ZyXEL Communications Plumbing Product metrogigabit switch User Manual

Chapter 25 AAA
MGS3700-12C User’s Guide
as external authentication, authorization and accounting 
servers. 
Figure 123   AAA Server 
25.1.1  Local User Accounts
By storing user profiles locally on the Switch, your Switch is able to authenticate 
and authorize users without interacting with a network AAA server. However, there 
is a limit on the number of users you may authenticate in this way (See 
). 
25.1.2  RADIUS and TACACS+ 
RADIUS and TACACS+ are security protocols used to authenticate users by means 
of an external server instead of (or in addition to) an internal device user database 
that is limited to the memory capacity of the device. In essence, RADIUS and 
TACACS+ authentication both allow you to validate an unlimited number of users 
from a central location. 
The following table describes some key differences between RADIUS and 
TACACS+. 

Table 72   RADIUS vs TACACS+ 
| | RADIUS | TACACS+ |
|---|---|---|
| Transport Protocol | UDP (User Datagram Protocol) | TCP (Transmission Control Protocol) |
| Encryption | Encrypts the password sent for authentication. | All communication between the client (the Switch) and the TACACS server is encrypted. |

25.2  AAA Screens 
The AAA screens allow you to enable authentication, authorization, accounting or 
all of them on the Switch. First, configure your authentication and accounting 
server settings (RADIUS, TACACS+ or both) and then set up the authentication 
priority, activate authorization and configure accounting settings. 