RADIUS/
TACACS+ server
1. Client attempts management access.
2. Switch contacts authentication server.
3. Authentication server challenges client.
4. Client responds with proper password or key.
5. Authentication server approves access.
6. Switch grants management access.
Web
Telnet
console

User Authentication 3

Configuring Local/Remote Logon Authentication

Use the Authentication Settings menu to restrict management access based on specified user names and passwords. You can manually configure access rights on the switch, or you can use a remote access authentication server based on RADIUS or TACACS+ protocols.

Remote Authentication Dial-in

User Service (RADIUS) and Terminal Access Controller Access Control System Plus (TACACS+) are logon

authentication protocols that use software running on a central

server to control access to RADIUS-aware or TACACS-

aware devices on the network. An authentication server contains

a database of multiple user name/password pairs with associated privilege levels for each user that requires management access to the switch.

RADIUS uses UDP while TACACS+ uses TCP. UDP only offers best effort delivery, while TCP offers a connection-oriented transport. Also, note that RADIUS encrypts only the password in the access-request packet from the client to the server, while TACACS+ encrypts the entire body of the packet.

Command Usage

By default, management access is always checked against the authentication database stored on the local switch. If a remote authentication server is used, you must specify the authentication sequence and the corresponding parameters for the remote authentication protocol. Local and remote logon authentication control management access via the console port, web browser, or Telnet.

RADIUS and TACACS+ logon authentication assign a specific privilege level for each user name/password pair. The user name, password, and privilege level must be configured on the authentication server.

You can specify up to three authentication methods for any user to indicate the authentication sequence. For example, if you select (1) RADIUS, (2) TACACS and

(3) Local, the user name and password on the RADIUS server is verified first. If the RADIUS server is not available, then authentication is attempted using the TACACS+ server, and finally the local user name and password is checked.

Command Attributes

Authentication – Select the authentication, or authentication sequence required:

-Local – User authentication is performed only locally by the switch.

-Radius – User authentication is performed using a RADIUS server only.

-TACACS – User authentication is performed using a TACACS+ server only.

-[authentication sequence] – User authentication is performed by up to three authentication methods in the indicated sequence.

3-55

Page 106 Page 108
Page 107
Image 107
Microsoft ES4649, ES4625 manual Configuring Local/Remote Logon Authentication
Page 106 Page 108

ES4649, ES4625 specifications

The Microsoft ES4625 and ES4649 are advanced enterprise-grade servers designed to meet the demands of modern data centers. They blend cutting-edge technology with robust performance, making them an ideal choice for businesses that require reliable processing capabilities, enhanced storage solutions, and improved energy efficiency.

One of the standout features of the ES4625 is its powerful processing capability. Equipped with the latest Intel Xeon Scalable processors, the server can handle a significant workload, making it suitable for various applications, including virtualization, cloud computing, and big data analytics. The multi-core architecture allows for efficient parallel processing, thereby improving response times and overall system performance.

On the other hand, the ES4649 offers an even more powerful setup, with the option to support high core counts and a larger memory footprint. This feature is particularly beneficial for enterprises that run demanding applications requiring substantial processing power and memory capacity. Both models support DDR4 memory, ensuring faster data access and overall system efficiency.

Storage adaptability is another key characteristic of these servers. The ES4625 and ES4649 come with multiple drive bays supporting various storage options, including SSDs and traditional HDDs. This flexibility allows organizations to configure their storage according to their specific performance and capacity needs. With support for advanced storage technologies like NVMe, enterprises can achieve unparalleled data transfer speeds, which is crucial for data-intensive applications.

In terms of manageability, both models are equipped with Microsoft’s innovative management tools. The integration of these tools facilitates easy monitoring, troubleshooting, and maintenance of server health and performance, significantly reducing downtime. Moreover, the servers are designed with enhanced security features to protect against unauthorized access and data breaches, ensuring that sensitive information remains secure.

Energy efficiency is another critical characteristic of the ES4625 and ES4649. These servers are designed with power-saving technologies that reduce energy consumption without compromising performance. This aspect is particularly advantageous for businesses looking to lower their operational costs and carbon footprint.

Overall, the Microsoft ES4625 and ES4649 offer a compelling combination of performance, flexibility, and security. They are engineered to support the increasingly complex demands of modern enterprise environments, making them a valuable investment for organizations seeking reliable, high-performing server solutions. Whether for virtualized workloads, cloud services, or heavy data computations, these servers are designed to deliver exceptional results.
Top Page Image Contents