D-Link DGS-3700 Login Method Lists

DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual

176

IP Address The IP address of the remote server host the user wishes to add.

Port (1-65535) Enter a number between 1 and 65535 to define the virtual port num ber of the authentication

protocol on a server host. The default port number is 49 for TACACS/XTACACS/TACACS+

servers and 1813 for RADIUS servers but the user may set a unique port number for higher

security.

Protocol The protocol used by the server host. The user may choose one of the following :

TACACS – Enter this parameter if the server host utilizes the TACACS pro tocol.

XTACACS – Enter this parameter if the server host utilizes the XT ACACS protocol.

TACACS+ – Enter this parameter if the server host utilizes the TACACS + protocol.

RADIUS – Enter this parameter if the server host utilizes the RADIUS protocol.

Timeout (1-255) Enter the time in seconds the Switch will wait for the server host to reply to an authenticati on

request. The default value is 5 seconds.

Key Authentication key to be shared with a configured TACACS+ or RADIUS s ervers onl y. Specify

an alphanumeric string up to 254 characters.

Retransmit (1-255) Enter the value in the retransmit field to change how many times the device will resend an

authentication request when the server does not respond.

Click Apply to add the server host. Entries will be displayed in the table on the lower half of this window.

NOTE: More than one authentication protocol can be run on the same

physical server host but, remember that TACACS/XTACACS/TACACS+

are separate entities and are not compatible with each other

Login Method Lists

This command will configure a user-defined or default Login Method List of authentication techniques for users logging

on to the Switch. The sequence of techniques implemented in this command will af fect the authenticati on result. For

example, if a user enters a sequence of techniques, for example TACACS – XT ACACS - local, the Switch will send an

authentication request to the first TACACS host in the server group. If no response comes from the s erver host, the

Switch will send an authentication request to the second TACACS host in the server group and so on, until t he list is

exhausted. At that point, the Switch will restart the same sequence with the following protocol liste d, XTACACS. If no

authentication takes place using the XTACACS list, the local acc ount database set in the Switch is used to

authenticate the user. When the local method is used, the privilege lev el will be dependant on the local account

privilege configured on the Switch.

When the user logins to the device successfully through TACACS/XT ACACS/TACACS+server or none method, the

“user” privilege level is assigned only. If the user wants to get admin privilege leve l, the user must use the Enable

Admin window to promote his privilege le vel. (See the Enable Admin part of this section for more detailed

information.) But when the user logins to the device successf ully through RADIUS server or loca l method, 3 kinds of

privilege levels can be assigned to the user and the user cannot us e the Enable Admin window to promote to admin

privilege level.

To view this window, click Security > Access Authentication Control > Login Method Lists as shown below: