Allied Telesis AT-8100L/8POE Switch User Manual


 
Chapter 17: RADIUS and TACACS+ Clients
Overview
The switch has RADIUS and TACACS+ clients for remote authentication.
Here are the features that use remote authentication:
- 802.1x port-based network access control. This feature lets you
  increase network security by requiring that network users log on with
  user names and passwords before the switch forwards their packets.
  This feature is described in Chapter 18, “802.1x Port-based Network
  Access” on page 215.
- Remote manager accounts. This feature lets you add manager
  accounts to the switch by transferring the authenticating task from the
  switch to an authentication server on your network. Accounts that the
  switch authenticates are called local accounts. This feature is
  described in “Managing Local User Accounts” on page 53.
The RADIUS client supports both features, but the TACACS+ client
supports only the remote manager accounts feature. Here are the
guidelines:
- Only one client can be active on the switch at a time.
- If you want to use only the remote manager account feature, you can
  use either RADIUS or TACACS+ because both clients support that
  feature.
- If you want to use 802.1x port-based network access control, you have
  to use the RADIUS client because the TACACS+ client does not
  support that feature.
Remote Manager Accounts
The switch comes with one local manager account. The account is
referred to as a local account because the switch authenticates the user
name and password when a manager uses the account to log on. If the
user name and password are valid, the switch allows the individual to
access its management software. Otherwise, it cancels the login to
prevent unauthorized access.
There are two ways to add more manager accounts. The first way is to
create additional local accounts. For more information about local
accounts, see “Managing Local User Accounts” on page 53.
The second way to add more accounts is with a RADIUS or TACACS+
authentication server on your network. With either authentication method,
one or more authentication servers authenticate the user names and
passwords of the manager accounts. The switch forwards that information
to the servers when managers log on.