Table of Contents
Advertisement
4 Configuration
Select Group Name, Protocol and IP address then click Add to implement the changes.
Security > Access Authentication Control > Authentication Server
This Authentication Server page will set user-defined Authentication Server Hosts for the TACACS+ and
RADIUS security protocols on the Switch. When a user attempts to access the Switch with Authentication
Policy enabled, the Switch will send authentication packets to a remote TACACS+ or RADIUS server host on
a remote host. The TACACS+ or RADIUS server host will then verify or deny the request and return the
appropriate message to the Switch. More than one authentication protocol can be run on the same physical
server host but, remember that TACACS+ and RADIUS are separate entities and are not compatible with
each other. The maximum supported number of server hosts is 16.
Figure 4.148 – Security > Access Authentication control > Authentication Server
To add an Authentication Server Host:
IP Address: Select IPv4 or IPv6 and enter the IP address.
Protocol: The protocol used by the server host. The user may choose one of the following:
TACACS+ – Enter this parameter if the server host utilizes the TACACS+ protocol.
RADIUS – Enter this parameter if the server host utilizes the RADIUS protocol.
Key: Authentication key to be shared with a configured TACACS+ or RADIUS servers only. Specify an
alphanumeric string up to 254 characters.
Port (1 - 65535): Enter a number between 1 and 65535 to define the virtual port number of the
authentication protocol on a server host. The default port number is 49 for TACACS+ server and 1813 for
RADIUS servers but the user may set a unique port number for higher security.
Timeout (1 - 255): Enter the time in seconds the Switch will wait for the server host to reply to an
authentication request. The default value is 5 seconds.
Retransmit (1 - 255): Enter the value in the retransmit field to change how many times the device will resend
an authentication request when the TACACS server does not respond.
Click Apply to add a new Authentication Server Host.
DES-1210/ME Series Metro Ethernet Managed Switch User Manual
NOTE: The user must configure Authentication
Server Hosts using the Authentication Server
Hosts page before adding hosts to the list.
Authentication Server Hosts must be configured
for their specific protocol on a remote centralized
server before this function can work properly.
NOTE: The two built in server groups can only
have server hosts running the same TACACS
daemon. The TACACS+ and RADIUS protocols
are separate entities and are not compatible with
each other.
NOTE: More than one authentication protocol can
be run on the same physical server host.
92
Advertisement
Table of Contents
