Asante Technologies 40240/40480-10G 6-3, Configuring Local/Remote Logon Authentication,

the network. An authentication server contains a database of multiple user name/

password pairs with associated privilege levels for each u ser that req uires

management access to the switch.

RADIUS uses UDP while TACACS+ uses TCP. UDP only offers best effort delivery,

while TCP offers a connection-oriented transport. Also, note that RADIUS encrypts

only the password in the access-request packet from the client to the server, wh ile

TACACS+ encrypts the entire body of the packet.

Command Usage

• By default, management access is always c hecked aga inst the auth entication

database stored on the local switch. If a remote a uthe ntic ation se rv er is used , yo u

must specify the authentication sequence and the corresponding parameters for

the remote authentication protocol. Local and remote logon authentication control

management access via the console port, web browser, or Telnet.

• RADIUS and TACACS+ logon authentication assign a specific privilege level for

each user name/password pair. The user name, password, and privil ege level

must be configured on the authentication server.

• You can specify up to three authentication methods for any us er to indicat e the

authentication sequence. For example, if you select (1) RADIUS, (2) TACACS and

(3) Local, the user name and password on the RADIUS server is verified first. If the

RADIUS server is not available, then authentication is attempted using the

TACACS+ server, and finally the local user name and password is checked.

Command Attributes

•

Authentication

– Select the authentication, or authentication sequence required:

- Local – User authentication is perform ed only local ly by the switc h.

- Radius – User authentication is performed us ing a RADIU S server only.

- TACACS – User authentication is perform ed usin g a TACACS + server only .

- [authentication sequence] – User authenticatio n is perfo rmed by up t o three

authentication methods in the indicated sequence.

• RADIUS Settings

- Global – Provides globall y applicab le RADI US sett ings.

- Server Index – Specifies one of fi ve RA DIU S ser vers t hat m ay be c onfigu red.

The switch attempts authentication using the listed sequence of servers. The

process ends when a server eithe r appr oves or den ies acce ss to a us er.

- Server IP Address – Address of authen ticatio n server. (D efault: 10. 1.0.1)

- Server Port Number – Network (UDP) port of au thenti catio n server us ed for

authentication messages. (Range: 1-65535; Default: 1 812)

- Secret Text String – Encryption key used to authenticate logon access for

client. Do not use blank spaces in the string. (Maximum length: 48 characte rs)

Number of Server Transmits

– Number of times the switch tries to authenticate

logon access via the authentication server. (Range: 1-30; Default: 2)

- Timeout for a reply – The number of seconds the swit ch wait s for a rep ly from

the RADIUS server before it resends the request. (Range: 1-65535; Default: 5)

6-3Configuring Local/Remote Logon Authentication