Filter
Top Products
C
ONFIGURING
THE
S
WITCH
2-16
CLI – Assign a user name to access-level 15 (i.e., administrator),
then specify the password.
Configuring RADIUS/TACACS+ Logon Authentication
You can configure this switch to authenticate users logging into
the system for management access using local, RADIUS, or
TACACS+ authentication methods.
RADIUS and TACACS+ are logon authentication protocols that use
software running on a central server to control access to
RADIUS-aware or TACACS+-aware devices on the network. An
authentication server contains a database of multiple user name/
password pairs with associated privilege levels for each user that
requires management access to a switch.
Like RADIUS, Terminal Access Controller Access Control System
Plus (TACACS+) is a system that uses a central server to control
authentication
for access to switches on the network.
RADIUS uses UDP while TACACS+ uses TCP. UDP only offers best
effort delivery, while TCP offers a connection-oriented transport.
Also, note that RADIUS encrypts only the password in the
access-request packet from the client to the server, while TACACS+
encrypts the entire body of the packet.
Command Usage
• By default, management access is always checked against the
authentication database stored on the local switch. If a remote
authentication server is used, you must specify the
authentication sequence and the corresponding parameters for
the remote authentication protocol.
Console(config)#username bob access-level 15 3-30
Console(config)#username bob password 0 smith
Console(config)#
b_mgmt.book Page 16 Tuesday, July 8, 2003 5:24 PM