Table of Contents
Advertisement
Chapter 12
| Security Measures
AAA (Authentication, Authorization and Accounting)
Configuring
Remote Logon
Authentication
Servers
Web Interface
To configure the method(s) of controlling management access:
1.
Click Security, AAA, System Authentication.
2.
Specify the authentication sequence (i.e., one to three methods).
3.
Click Apply.
Figure 136: Configuring the Authentication Sequence
Use the Security > AAA > Server page to configure the message exchange
parameters for RADIUS or TACACS+ remote access authentication servers.
Remote Authentication Dial-in User Service (RADIUS) and Terminal Access
Controller Access Control System Plus (TACACS+) are logon authentication
protocols that use software running on a central server to control access to RADIUS-
aware or TACACS-aware devices on the network. An authentication server contains
a database of multiple user name/password pairs with associated privilege levels
for each user that requires management access to the switch.
Figure 137: Authentication Server Operation
Web
Telnet
RADIUS/
TACACS+
server
RADIUS uses UDP while TACACS+ uses TCP. UDP only offers best effort delivery,
while TCP offers a more reliable connection-oriented transport. Also, note that
RADIUS encrypts only the password in the access-request packet from the client to
the server, while TACACS+ encrypts the entire body of the packet.
1. Client attempts management access.
2. Switch contacts authentication server.
3. Authentication server challenges client.
4. Client responds with proper password or key.
5. Authentication server approves access.
6. Switch grants management access.
– 226 –
console
- Quick Links:
- User Manual
Hide quick links:
Advertisement
Table of Contents
