ZyXEL Communications XS3800-28 User Manual page 301

The following table describes the labels in this screen.
Table 118 Advanced Application > AAA > AAA Setup
L ABEL DESC RIPT IO N
Authentication Use this section to specify the methods used to authenticate users accessing the Switch.
Privilege Enable These fields specify which database the Switch should use (first, second and third) to
authenticate access privilege level for administrator accounts (users for Switch management).
Configure the access privilege of accounts via commands (see the Ethernet Switch CLI
Reference Guide) for
Before you specify the priority, make sure you have set up the corresponding database
correctly first.
You can specify up to three methods for the Switch to authenticate the access privilege level
of administrators. The Switch checks the methods in the order you configure them (first
, then
1
you want the Switch to check other sources for access privilege level specify them in
and
Me tho d 3
Select
Select
Login These fields specify which database the Switch should use (first, second and third) to
authenticate administrator accounts (users for Switch management).
Configure the local user accounts in the
RADIUS are external servers. Before you specify the priority, make sure you have set up the
corresponding database correctly first.
You can specify up to three methods for the Switch to authenticate administrator accounts.
The Switch checks the methods in the order you configure them (first
and finally
Switch to check other sources for administrator accounts, specify them in
Me tho d 3
Select
C o ntro l
Select
Server.
Select
TACACS+ Server
Authorization Use this section to configure authorization settings on the Switch.
Type Set whether the Switch provides the following services to a user.
•
Exe c
different access privilege level assigned via the external server.
•
Do t1x
the external server.
Active Select this to activate authorization for a specified event types.
Console Select this to allow an administrator which logs in the Switch through the console port to have
different access privilege level assigned via the external server.
Method Select whether you want to use RADIUS or TACACS+ for authorization of specific types of
events.
RADIUS is the only method for IEEE 802.1x authorization.
Accounting Use this section to configure accounting settings on the Switch.
Update Period This is the amount of time in minutes before the Switch sends an update to the accounting
server. This is only valid if you select the
Chapter 26 AAA
authentication. The
lo c a l
and finally
Me tho d 2 Me tho d 3
fields.
to have the Switch check the access privilege configured for local authentication.
lo c a l
or to have the Switch check the access privilege via the external servers.
ra dius ta c a c s+
). You must configure the settings in the
Me tho d 3
fields.
to have the Switch check the administrator accounts configured in the
lo c a l
> screen.
L o g ins
to have the Switch check the administrator accounts configured via the RADIUS
ra dius
to have the Switch check the administrator accounts configured via the
ta c a c s+
.
: Allow an administrator which logs into the Switch through Telnet or SSH to have a
: Allow an IEEE 802.1x client to have different bandwidth limit or VLAN ID assigned via
XS3800-28 User's Guide
301
and
T AC AC S+ RADIUS
). You must configure the settings in the
> screen. The TACACS+ and
Ac c e ss C o ntro l L o g ins
Me tho d 1
option for the
sta rt- sto p Exe c
are external servers.
Me tho d
field. If
Me tho d 1
Me tho d 2
, then
Me tho d 1 Me tho d 2
field. If you want the
and
Me tho d 2
Ac c e ss
or entries.
Do t1x