Filter
Top Products
Chapter 88: RADIUS and TACACS+ Clients
1364
the switch, the privilege level of an account is ignored and all accounts
have access to the entire command mode structure.
Here are the main steps to using the remote manager accounts feature on
the switch:
1. Install TACACS+ or RADIUS server software on one or more of your
network servers or management stations. Authentication protocol
server software is not available from Allied Telesis.
2. Add the new manager accounts to the authentication servers. Here
are the guidelines:
– Assign each account a user name and password. The maximum
length of a user name is 38 alphanumeric characters and spaces,
and the maximum length of a password is 16 alphanumeric
characters and spaces.
– Assign each account a privilege level. This process differs
depending on the server software. The TACACS+ server provides
sixteen levels of the Privilege attribute (0 to 15); however, the AT-
9000 switch provides only two settings of the Privilege attribute (0 or
15). If command mode restriction is active on the switch, a manager
account with a privilege level of 0 is restricted to the User Exec
mode, while an account with a privilege level of 15 has access to all
the command modes.
Note
If you enter a value other than 0 or 15 for the TACACS+ privilege
level, the switch does not recognize the privilege level and responds
with a “failed to authenticate” error message.
For RADIUS, the management level is controlled by the Service Type
attribute. Of its 11 values, only two apply to the switch. A value of “NAS
Prompt” is equivalent to a privilege level of 1, while a value of
“Administrative” is equivalent to the privilege level 15.
Note
This manual does not explain how to configure a TACACS+ or
RADIUS server. For instructions, refer to the documentation
included with the server software.
3. Assign the switch a management IP address. For instructions, refer to
“What to Configure First” on page 42 or Chapter 13, “IPv4 and IPv6
Management Addresses” on page 257.