Authenticating Users Using Radius Or Tacacs; Radius - Extreme Networks ExtremeWare XOS Guide Manual
Concepts guide
Hide thumbs
Also See for ExtremeWare XOS Guide:
- Command reference manual (2024 pages) ,
- Manual (496 pages) ,
- Command reference manual (970 pages)
Table of Contents
Advertisement
Security
Authenticating Users Using RADIUS or TACACS+
ExtremeWare XOS provides three methods to authenticate users who login to the switch:
RADIUS
●
TACACS+
●
Local database of accounts and passwords
●
RADIUS, TACACS+, local database of accounts and passwords, and SSH are management access
security features that control access to the management functions available on the switch. These features
help ensure that any configuration changes to the switch can be done only by authorized users.
The information in this section describes RADIUS and TACACS+. For a detailed description of the local
database of accounts and passwords (the two levels of management accounts), see
"Accessing the
RADIUS
Remote Authentication Dial In User Service (RADIUS), in RFC 2138, is a mechanism for authenticating
and centrally administrating access to network nodes. The ExtremeWare XOS RADIUS implementation
allows authentication for Telnet or console access to the switch.
NOTE
You cannot enable RADIUS and TACACS+ at the same time.
You define a primary and secondary RADIUS server for the switch to contact. When a user attempts to
log in using Telnet, HTTP, or the console, the request is relayed to the primary RADIUS server and then
to the secondary RADIUS server, if the primary does not respond. If the RADIUS client is enabled, but
access to the RADIUS primary and secondary server fails, the switch uses its local database for
authentication. Beginning with ExtremeWare XOS 11.2, you can specify one pair of RADIUS servers for
switch management and another pair for network login.
The privileges assigned to the user (admin versus nonadmin) at the RADIUS server take precedence
over the configuration in the local switch database.
This section describes the following topics:
Configuring the RADIUS Servers on page 323
●
Configuring the RADIUS Timeout Value on page 323
●
Configuring the Shared Secret Password for RADIUS Servers on page 323
●
Enabling and Disabling RADIUS on page 323
●
Configuring RADIUS Accounting on page 324
●
Configuring the RADIUS Accounting Timeout Value on page 324
●
Configuring the Shared Secret Password for RADIUS Accounting Servers on page 324
●
Enabling and Disabling RADIUS Accounting on page 325
●
322
Switch." For information about SSH, see
"Secure Shell 2" on page
ExtremeWare XOS 11.3 Concepts Guide
Chapter
2,
335.
Advertisement
Chapters
Table of Contents
Troubleshooting
