Configuring Remote Authentication Of Manager Accounts - Allied Telesis AT-9000/28 Command Line User's Manual

Configuring Remote Authentication of Manager Accounts

Section XI: Management Security
You should check to be sure you performed these steps before activating
remote authentication of manager accounts on the switch:
Added at least one RADIUS or TACACS+ server to your network.
Added the manager accounts to the authentication servers.
Assigned the switch a management IP address.
Added the IP addresses of the authentication servers to the RADIUS
or TACACS+ client on the switch.
To activate the feature, use the SERVER-BASED AUTHENTICATION
commands in the Global Configuration mode. There are different
commands for the two clients. Here is the command if you are using
RADIUS:
awplus> enable
awplus# configure terminal
awplus(config)# server-based authentication radius
Here is the command for TACACS+:
awplus> enable
awplus# configure terminal
awplus(config)# server-based authentication tacacs
After the feature is activated, all future log on attempts by managers are
forwarded by the switch to the designated authentication servers for
authentication.
To deactivate the feature, use the NO versions of the commands. This
example deactivates the feature if it is using RADIUS:
awplus> enable
awplus# configure terminal
awplus(config)# no server-based authentication radius
This example deactivates the feature if it is using TACACS+:
awplus> enable
awplus# configure terminal
awplus(config)# no server-based authentication tacacs
The switch supports both local and remote manager accounts at the same
time for different management methods. You can toggle remote manager
authenticator on or off for local, Telnet, and SSH management sessions.
For example, you might configure the switch to use its local manager
accounts for local management sessions and remote manager accounts
for Telnet and SSH management sessions. You can even toggle remote
AT-9000 Switch Command Line User's Guide
1199