Security
Extreme switches grant a RADIUS-authenticated user read-write privilege if a Service-Type value of 6 is
transmitted as part of the Access-Accept message from the Radius server. Other Service-Type values, or
no value, result in the switch granting read-only access to the user. Different implementations of
RADIUS handle attribute transmission differently. You should consult the documentation for your
specific implementation of RADIUS when you configure users for read-write access.
Configuring TACACS+
Terminal Access Controller Access Control System Plus (TACACS+) is a mechanism for providing
authentication, authorization, and accounting on a centralized server, similar in function to RADIUS.
The ExtremeWare XOS version of TACACS+ is used to authenticate prospective users who are
attempting to administer the switch. TACACS+ is used to communicate between the switch and an
authentication database.
NOTE
You cannot use RADIUS and TACACS+ at the same time.
You can configure two TACACS+ servers, specifying the primary server address, secondary server
address, and TCP port number to be used for TACACS+ sessions.
132
ExtremeWare XOS 10.1 Concepts Guide