RADIUS-Based Dynamic VLAN Assignment; TACACS+; LDAP (Lightweight Directory Access Protocol) - Fujitsu PSWITCH 2048T User Manual

User's Guide
FUJITSU PSWITCH

3.1.5.6.1. RADIUS-Based Dynamic VLAN Assignment

The software can dynamically create VLANs in the system when the VLANs assigned
by RADIUS servers for 802.1X-authenticated clients do not exist in the system. This
is supported only for VLAN IDs (numbers)—not for RADIUS server VLAN names.

3.1.5.7. TACACS+

TACACS+ provides access control for networked devices using one or more
centralized servers. Similar to RADIUS, this protocol simplifies authentication by
making use of a single database that can be shared by many clients on a large
network. TACACS+ is based on the TACACS protocol (described in RFC 1492) but
additionally provides for separate authentication, authorization, and accounting
services. The original protocol was UDP-based, with messages passed in clear text
over the network; TACACS+ uses TCP to ensure reliable delivery and a shared key
configured on the client and daemon server to encrypt all messages.

If you configure TACACS+ as the authentication method for user login and a user
attempts to access the user interface on the switch, the switch prompts for the user
login credentials and requests services from the TACACS+ client. The client then
uses the configured list of servers for authentication and provides results back to
the switch.

You can configure each server host with a specific connection type, port, timeout,
and shared key, or you can use global configuration for the key and timeout.
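
How the shared key is applied to a TACACS+ packet under RFC 8907: the 12-byte header travels in clear text and only the body is XORed with a pad derived from MD5 over the session ID, key, version, and sequence number. This is an added example, not code from the manual or the switch software; the key, session ID, and body bytes are constructed sample values.

```python
import hashlib
import struct

TAC_PLUS_UNENCRYPTED_FLAG = 0x01  # header flag: body is sent as-is
HEADER = struct.Struct("!BBBBII")  # version, type, seq_no, flags, session_id, length


def pseudo_pad(session_id, key, version, seq_no, length):
    """MD5_1 = MD5(session_id, key, version, seq_no); each later block also
    appends the previous digest. The pad is truncated to the body length."""
    seed = struct.pack("!I", session_id) + key + bytes([version, seq_no])
    pad, block = b"", b""
    while len(pad) < length:
        block = hashlib.md5(seed + block).digest()
        pad += block
    return pad[:length]


def transform_body(header, body, key):
    """XOR the body with the pad. The operation is its own inverse, so the
    client and the server run the same function with the same shared key."""
    version, _ptype, seq_no, flags, session_id, length = HEADER.unpack(header)
    if length != len(body):
        raise ValueError("header length field does not match the body")
    if flags & TAC_PLUS_UNENCRYPTED_FLAG:
        return body
    pad = pseudo_pad(session_id, key, version, seq_no, length)
    return bytes(b ^ p for b, p in zip(body, pad))


def demo():
    # Constructed sample values, not taken from the manual or a real capture.
    key = b"constructed-shared-key"
    body = b"constructed body bytes standing in for an authentication request"
    header = HEADER.pack(0xC0, 0x01, 1, 0x00, 0x1A2B3C4D, len(body))
    on_wire = transform_body(header, body, key)
    return {
        "header_in_clear": header.hex(),
        "body_hidden": on_wire != body,
        "right_key_recovers": transform_body(header, on_wire, key) == body,
        "wrong_key_recovers": transform_body(header, on_wire, b"other") == body,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

A key mismatch between the switch and the server shows up as a body that does not decode, which is why the per-server or global key must be identical on both sides.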

3.1.5.8. LDAP (Lightweight Directory Access Protocol)

A Lightweight Directory Access Protocol (LDAP) client is integrated into this
software as an authentication method. With this method, users authenticate to the
LDAP server with their name and password when they want to access the device.
LDAP uses Distinguished Names (DNs) as user names; a DN contains the user name,
organization name, and domain name. To make LDAP authentication easier, the
software lets you set the organization name and domain name as the base DN, so
users only need to supply their name. The software supports two LDAP user account
types: common name (CN) and user ID (uid). You can set either type for
authentication with the LDAP server. The software supports an LDAP client with
LDAP version 3, and it can connect to the LDAP server either without security or
with SSL security.
December/2018

This manual is also suitable for:

Pswitch 4032p, Pswitch 2048p