Chapter 36: TACACS+ and RADIUS Protocols
Section IX: Management Security
When a network manager logs in to a switch to manage the device, the
switch passes the username and password entered by the manager to the
authentication protocol server. The server checks to see if the username
and password are valid. This is referred to as authentication.
If the combination is valid, the authentication protocol server notifies the
switch and the switch completes the login process, allowing the manager
to manage the switch.
If the username and password are invalid, the authentication protocol
server notifies the switch and the switch cancels the login.
Authorization defines what a manager can do after logging in to a switch.
The AT-9400 Switch supports two management levels, Manager and
Operator. The Manager level lets you view and configure a switch’s
parameter settings, while the Operator level only lets you view the
settings. You must assign an authorization level to each manager
username and password combination on the authentication server.
The final function of an authentication protocol is keeping track of user
activity on network devices, referred to as accounting. The AT-S63
Management Software does not support RADIUS or TACACS+
accounting as part of manager accounts. However, it does support
RADIUS accounting with the 802.1x Port-based Network Access Control
feature, as explained in Chapter 31, “802.1x Port-based Network Access
Control” on page 355.
Note
The AT-S63 Management Software does not support the two earlier
versions of the TACACS+ protocol, TACACS and XTACACS.