Allied Telesis AT-9000/12POE Switch User Manual


AT-9000 Switch Command Line User’s Guide
1365
4. Configure the RADIUS or TACACS+ client on the switch by entering
the IP addresses of up to three authentication servers. For instructions,
refer to “Managing the RADIUS Client” on page 1366 or “Managing the
TACACS+ Client” on page 1370.
5. Enable the TACACS+ or RADIUS client.
6. Activate remote manager authentication on the switch. For
instructions, refer to “Configuring Remote Authentication of Manager
Accounts” on page 1373.
Note
For information on the RADIUS and TACACS+ authentication
protocols, refer to the RFC 2865 and RFC 1492 standards,
respectively.
Guidelines

Here are the guidelines for using the RADIUS and TACACS+ clients:

- Only one client can be active on the switch at a time.
- The clients can have a maximum of three IP addresses of
  authentication servers.
- The switch must have a management IP address. For instructions,
  refer to Chapter 13, “IPv4 and IPv6 Management Addresses” on
  page 257.
- The authentication servers on your network must be members of
  the same subnet as the management IP address of the switch or
  have access to it through routers or other Layer 3 devices.
- If the authentication servers are not members of the same subnet
  as the management IP address, the switch must have a default
  gateway. The default gateway defines the IP address of the first
  hop for reaching the remote subnet of the servers. For instructions,
  refer to Chapter 13, “IPv4 and IPv6 Management Addresses” on
  page 257.
- The client polls the servers for authentication information in the
  order in which they are listed in the client.
- The switch does not support the two earlier versions of the
  TACACS+ protocol, TACACS and XTACACS.
- The TACACS+ client does not support 802.1x port-based network
  access control. You must use the RADIUS client and a RADIUS
  server for that feature.
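
The guidelines above can be checked against a planned configuration before it is entered on the switch. The following Python script is an added example, not part of the Allied Telesis manual; the `plan` dictionary layout and the function name are hypothetical, and the addresses are constructed from documentation ranges.

```python
import ipaddress

MAX_SERVERS = 3  # guideline: at most three authentication server addresses


def check_auth_client_plan(plan):
    """Return a list of guideline violations for a planned client setup.

    `plan` is a hypothetical dict describing the intended configuration;
    it is not a format the switch itself reads.
    """
    problems = []
    active = [c for c in ("radius", "tacacs+") if plan.get(c, {}).get("enabled")]
    if len(active) > 1:
        problems.append("only one client can be active at a time")
    if plan.get("dot1x") and active != ["radius"]:
        problems.append("802.1x requires the RADIUS client")

    mgmt = plan.get("management_ip")
    if not mgmt:
        return problems + ["switch has no management IP address"]
    iface = ipaddress.ip_interface(mgmt)  # address plus prefix, e.g. 192.0.2.10/24
    gateway = plan.get("default_gateway")
    # General IP assumption (not stated in the manual): the first hop must be
    # on the management subnet to be reachable.
    if gateway and ipaddress.ip_address(gateway) not in iface.network:
        problems.append(f"default gateway {gateway} is outside {iface.network}")

    for client in active:
        servers = plan[client].get("servers", [])
        if len(servers) > MAX_SERVERS:
            problems.append(f"{client}: {len(servers)} servers, maximum is {MAX_SERVERS}")
        for server in servers:
            if ipaddress.ip_address(server) not in iface.network and not gateway:
                problems.append(f"{client}: {server} is off-subnet and no default gateway is set")
    return problems


# Constructed sample plan: TACACS+ enabled, 802.1x wanted, no default gateway.
SAMPLE_PLAN = {
    "management_ip": "192.0.2.10/24",
    "default_gateway": None,
    "dot1x": True,
    "radius": {"enabled": False, "servers": []},
    "tacacs+": {"enabled": True, "servers": ["192.0.2.20", "198.51.100.5"]},
}

if __name__ == "__main__":
    for line in check_auth_client_plan(SAMPLE_PLAN):
        print("VIOLATION:", line)
```

An empty result means the plan is consistent with the guidelines; it does not confirm that the servers are actually reachable from the switch.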