ZyXEL Communications XGS-4526 User Manual

Chapter 25 AAA
XGS-4526/4528F/4728F User’s Guide
) as external authentication, authorization and accounting 
servers. 
Figure 110   AAA Server 
25.1.1  Local User Accounts
By storing user profiles locally on the Switch, your Switch is able to authenticate 
and authorize users without interacting with a network AAA server. However, there 
is a limit on the number of users you may authenticate in this way (See 
). 
25.1.2  RADIUS and TACACS+ 
RADIUS and TACACS+ are security protocols used to authenticate users by means 
of an external server instead of (or in addition to) an internal device user database 
that is limited to the memory capacity of the device. In essence, RADIUS and 
TACACS+ authentication both allow you to validate an unlimited number of users 
from a central location. 
The following table describes some key differences between RADIUS and 
TACACS+. 
25.2  AAA Screens 
The AAA screens allow you to enable authentication, authorization, accounting or 
all of them on the Switch. First, configure your authentication and accounting 
server settings (RADIUS, TACACS+ or both) and then set up the authentication 
priority, activate authorization and configure accounting settings.
[Figure 110 diagram labels: Client, AAA Server]
Table 68   RADIUS vs TACACS+

                     RADIUS                         TACACS+
Transport Protocol   UDP (User Datagram Protocol)   TCP (Transmission Control Protocol)
Encryption           Encrypts the password sent     All communication between the client
                     for authentication.            (the Switch) and the TACACS server
                                                    is encrypted.