Chapter 15: Setting RADIUS and TACACS+ Clients

Overview

Remote Manager Accounts

The switch has RADIUS and TACACS+ clients for remote authentication. Here are the features that use remote authentication:

802.1x port-based network access control. This feature lets you increase network security by requiring that network users log on with user names and passwords before the switch will forward their packets. This feature is described in Chapter 16, “Setting 802.1x Port-based Network Access” on page 175.

Remote manager accounts. This feature lets you add manager accounts to the switch by transferring the task of authenticating the accounts from the switch to an authentication server on your network. This feature is described in “Managing User Accounts” on page 45.

The RADIUS client supports both features, but the TACACS+ client supports only the remote manager accounts feature. Here are the guidelines:

Only one client can be active on the switch at a time.

If you want to use just the remote manager account feature, you can use either RADIUS or TACACS+ because both clients support that feature.

If you want to use 802.1x port-based network access control, you have to use the RADIUS client because the TACACS+ client does not support that feature.

The switch comes with one local manager account. The account is referred to as a local account because the switch authenticates the user name and password when a manager uses the account to log on. If the user name and password are valid, the switch allows the individual to access its management software. Otherwise, it cancels the login to prevent unauthorized access.

There are two ways to add more manager accounts. The first way is to create additional local accounts. This is explained in the following chapters in the AlliedWare Plus Management Software Command Line Interface User’s Guide:

Chapter 66: Local Manager Accounts

Chapter 67: Local Manager Account Commands

The second way to add more accounts is with a RADIUS or TACACS+ authentication server on your network. With either authentication method, the authentication of the user names and passwords of the manager accounts is performed by one or more authentication servers. The switch

Allied Telesis AT-9000/28SP, AT-9000/52 manual Overview, Remote Manager Accounts

AT-9000/52, AT-9000/28SP, AT-9000/28 specifications

The Allied Telesis AT-9000/28 is a versatile and robust network switch designed for organizations seeking to enhance their networking capability. This Layer 2 managed switch delivers a high degree of performance and reliability, making it an ideal choice for businesses that require a seamless network experience.

One of the main features of the AT-9000/28 is its 28 ports, which include 24 Fast Ethernet ports and 4 Gigabit Ethernet uplink ports. This allows for flexible network configuration and scalability, accommodating both wired and wireless devices efficiently. The switch also supports auto-negotiation and auto-MDI/MDI-X, which simplifies installation and connectivity by automatically detecting and configuring the appropriate settings.

The AT-9000/28 employs advanced switching technologies, such as IEEE 802.1Q VLAN tagging, which enables the segregation of traffic for improved security and performance. This feature is crucial for businesses that require data isolation between different departments or user groups. In addition, the switch supports quality of service (QoS) protocols, allowing for traffic prioritization. This is particularly beneficial for organizations that handle multimedia applications or VoIP services that demand reliable bandwidth.

Another significant characteristic of the AT-9000/28 is its support for port mirroring. This capability is essential for network monitoring and troubleshooting, as it allows administrators to track and analyze network traffic efficiently. Furthermore, the switch supports multiple user authentication methods, including RADIUS and TACACS+, thus enhancing network security.

The AT-9000/28 is built with energy efficiency in mind, featuring Energy Efficient Ethernet (EEE) technology. This reduces power consumption during periods of low traffic without compromising performance, which aids in lowering overall operational costs.

In terms of management, the AT-9000/28 offers versatile management options, including a web-based GUI, Command Line Interface (CLI), and SNMP support. This flexibility enables network administrators to configure, monitor, and troubleshoot the switch easily.

Overall, the Allied Telesis AT-9000/28 is a reliable switch well-suited for a variety of network environments. Its combination of performance, security features, and energy efficiency makes it an excellent choice for organizations looking to optimize their network infrastructure. With robust capabilities and advanced technologies, the AT-9000/28 stands out as a valuable addition to any networking setup.