Chapter 20 Authentication & Accounting
ES-2024 Series User’s Guide
146
20.1.2 RADIUS and TACACS+
RADIUS and TACACS+ are security protocols used to authenticate users by means of an
external server instead of (or in addition to) an internal device user database that is limited to
the memory capacity of the device. In essence, RADIUS and TACACS+ authentication both
allow you to validate an unlimited number of users from a central location.
The following table describes some key differences between RADIUS and TACACS+.
20.2 Authentication and Accounting Screens
To enable authentication, accounting or both on the Switch. First, configure your
authentication server settings (RADIUS, TACACS+ or both) and then set up the
authentication priority and accounting settings.
Click Advanced Application > Auth and Acct in the navigation panel to display the screen
as shown.
Figure 76 Advanced Application > Auth and Acct
20.2.1 RADIUS Server Setup
Use this screen to configure your RADIUS server settings. See Section 20.1.2 on page 146 for
more information on RADIUS servers. Click on the RADIUS Server Setup link in the
Authentication and Accounting screen to view the screen as shown.
Table 46 RADIUS vs. TACACS+
RADIUS TACACS+
Transport
Protocol
UDP (User Datagram Protocol) TCP (Transmission Control Protocol)
Encryption Encrypts the password sent for
authentication.
All communication between the client (the
Switch) and the TACACS server is
encrypted.