Configuring TACACS+, TACACS+ Configuration | NETGEAR XS712T-100NES

XS712T Smart Switch

Configuring TACACS+

TACACS+ provides a centralized user management system, while still retaining consistency with RADIUS and other authentication processes. TACACS+ provides the following services:

•Authentication. Provides authentication during login and via user names and user-defined passwords.

•Authorization. Performed at login. When the authentication session is completed, an authorization session starts using the authenticated user name. The TACACS+ server checks the user privileges.

The TACACS+ protocol ensures network security through encrypted protocol exchanges between the device and TACACS+ server.

The TACACS+ folder contains links described in the following sections.

•Configuring TACACS+

•TACACS+ Server Configuration

TACACS+ Configuration

The TACACS+ Configuration screen contains the TACACS+ settings for communication between the switch and the TACACS+ server you configure via the inband management port.

To configure global TACACS+ settings:

1.Select Security > Management Security > TACACS+ > TACACS+ Configuration.

2.In the Key String field, specify the authentication and encryption key for TACACS+ communications between the XS712T and the TACACS+ server.

The valid range is 0–128 characters. The key must match the key configured on the TACACS+ server.

3.In the Connection Timeout field, specify the maximum number of seconds allowed to establish a TCP connection between the XS712T and the TACACS+ server.

The valid range is 1–30 seconds. Default is 5 seconds.

4.Click Apply.

178

Image 178

NETGEAR XS712T-100NES manual Configuring TACACS+, TACACS+ Configuration, 178

Contents

XS712T Smart Switch Trademarks XS712T Smart SwitchTechnical Support Statement of Conditions Contents Configuring Routing Monitoring the System Appendix a Smart Control Center Utilities Getting Started with the XS712T Smart Switch Getting Started Switch Management Interface Connect the Switch to the Network Discover a Switch in a Network with a Dhcp Server  To install the switch in a network with a Dhcp server Discover a Switch in a Network without a Dhcp Server  To assign a static IP address XS712T Smart Switch Configure the Network Settings on the Administrative System Click the Local Area Connection link XS712T Smart Switch  To configure a static address on the switch Access the Management Interface from a Web Browser Click Web Browser Access Use the Web Interface Understand the User Interfaces To log on to the Web interface Navigation Tabs, Configuration Menus, and Links Smart Switch Web Interface XS712T Smart Switch Link Submenu Links Configuration and Status OptionsCommand buttons Device View Device view Help Access User-Defined Fields Use SNMPv3Disallowed characters in user-defined fields XS712T Smart Switch Interface Naming Convention Interface naming conventions Support Online HelpUser Guide Registration  To register the switch with Netgear Select Help RegisterClick Register Configure System Information Management System Information  To define a system name, location, and contact System Information screen status fields Field Description IP Configuration XS712T Smart Switch IPv6 Network Configuration  To configure the network information for an IPv6 network IPv6 Network Neighbor IPv6 neighbor table fields XS712T Smart Switch IPv6 neighbor table fields Time Time Configuration  To manually configure the time XS712T Smart Switch Time Configuration status fields  To configure a new Sntp server Sntp Server ConfigurationXS712T Smart Switch Time Configuration status fields  To remove an Sntp server  To change the settings for an existing Sntp serverSntp server status fields  To configure the summer time settings Summer Time ConfigurationXS712T Smart Switch Sntp server status fields Configure Auto-DoS Denial of Service To enable the Auto-DoS feature Configure Denial of Service  To configure individual DoS settings XS712T Smart Switch Click Apply Configure DNS  To configure the global DNS settings  To change the hostname or IP address in an entry Configure and View Hostname-to-IP Address Information To remove an entry from the static DNS table Dynamically learned host name mapping information Green Ethernet Interface Configuration Green Ethernet  To configure Green Ethernet mode settings for a port Green Ethernet Detail Green Ethernet local device information XS712T Smart Switch Green Ethernet local device information Green Ethernet Summary Green Ethernet power saving information Green Ethernet summary screen Green Ethernet support information View and Configure Green Ethernet LPI History To configure the LPI settings Green Ethernet interface information LPI history information Configure the Snmp Community  To add an Snmp community  To modify an existing community  To delete a community  To modify information about an existing Snmp recipient Trap Configuration To add an Snmp trap receiver  To delete an Snmp trap recipient Trap Flags  To configure the trap flagsSnmp Supported Mibs Lldp Lldp Configuration  To configure global Lldp settings Lldp Port Settings  To configure Lldp port settings LLDP-MED Network Policy  To configure LLDP-MED settings for a port LLDP-MED Port SettingsXS712T Smart Switch LLDP-MED network policy information Local Information  To view local Lldp information Model and platform Are True enabled or False disabled Neighbors Information  To view Lldp information received from a neighbor device Field Field Description Port Details Field Description MED Details Services-DHCP Snooping Global Configuration  To configure Dhcp snooping global settings Interface Configuration  To configure Dhcp snooping interface settings XS712T Smart Switch Binding Configuration Dhcp Snooping dynamic binding information Persistent Configuration  To configure Dhcp snooping persistent settings  To view and clear the Dhcp snooping statistics StatisticsDhcp Snooping statistics XS712T Smart Switch Dhcp Snooping statistics  To configure port settings Port ConfigurationPorts XS712T Smart Switch Flow Control LAG Configuration Link Aggregation Groups  To create a LAG Select Switching LAG Basic LAG Membership LAG Membership Lacp Configuration Lacp Port Configuration VLANs  To delete a one or more VLANs Basic Vlan Configuration To modify the Vlan name Vlan Membership Configuration Port Vlan ID Configuration Vlan Status XS712T Smart Switch MAC Based Vlan Protocol Based Vlan Group Configuration  To modify protocol based Vlan information Protocol Based Vlan Group Membership To delete a protocol based Vlan group Voice Vlan Auto-VoIP Configuration Configure Protocol-Based Auto VoIP Settings XS712T Smart Switch Port Settings OUI Based Properties OUI Table  To delete one or more OUI prefixes from the table Spanning Tree Protocol STP Configuration 100 CST Configuration 101 CST Port Configuration 102 103 CST Port Status 104 Rapid STP 105 MST Configuration 106  To delete an MST instance MST Port Configuration107 108 STP Statistics 109 110 Bridge Multicast Forwarding Multicast111 Mfdb Table 112 Mfdb Statistics 113 Igmp Snooping Auto-Video114 Igmp Snooping Configuration 115 Igmp Snooping Interface Configuration 116 Igmp Snooping Table 117 Igmp Snooping Vlan Configuration 118  To disable Igmp snooping on one or more VLANs Multicast Router Configuration119 Multicast Router Vlan Configuration 120 Igmp Snooping Querier Igmp Snooping Querier Configuration121 Igmp Snooping Querier Vlan Configuration 122 Igmp Snooping Querier Vlan Status 123 Igmp snooping querier Vlan status MLD Snooping124 MLD Interface Configuration MLD Snooping Configuration125 126 MLD Vlan Configuration 127  To disable MLD snooping on a Vlan 128 Querier Configuration 129 Querier Vlan Configuration 130 131 MAC Address Table  To remove an MLD snooping querier configurationForwarding Database 132 Dynamic Address Configuration 133 Address Table 134 Static MAC Address 135  To delete a static MAC address 136 Configure IP Settings 137  To display the IP statistics screen IP Statistics138 IP routing statistics 139 XS712T Smart Switch IP routing statistics 140 141 Vlan Routing Wizard Configure Vlan Routing142 143 Vlan Routing Configuration 144 Router Discovery Configuration Configure Router Discovery145 Configure and View Routes 146 Routing table information  To delete one or more static routes147  To display entries in the ARP table Configure ARPARP Cache 148 ARP cache information for routing VLANs Create a Static ARP EntryARP cache information 149 Configure Global ARP Settings 150 151 Specific Static Entry Remove an ARP Entry From the ARP CacheAll Dynamic Entries All Dynamic and Gateway Entries 152 Class of Service 153 Basic CoS Configuration 154 CoS Interface Configuration 155 Interface Queue Configuration 156 157 802.1p to Queue Mapping 158 Dscp to Queue Mapping 159 Defining DiffServ Differentiated Services160 DiffServ MIB table information Diffserv Configuration161  To rename an existing class Class Configuration To configure the class match criteria  To delete a class 163 164 IPv6 Class Configuration 165  To delete a policy Policy Configuration166 167 168 Service Configuration 169 Service statistics Service Statistics To display the service statistics screen  To remove a policy from an interface Change Password Management Security Settings171  To reset the password to the default value 172 Global Configuration Radius Configuration173 Radius Server Configuration 174 Radius server statistics  To delete a configured Radius server175 Accounting Server Configuration 176 Radius accounting server statistics 177 TACACS+ Configuration Configuring TACACS+178 TACACS+ Server Configuration 179 Http Authentication List Authentication List Configuration180 Https Authentication List 181 Dot1x Authentication List 182 Http Configuration Configure Management Access183 Secure Http Configuration 184 Certificate Management 185 Certificate Download 186 187 Access Profile Configuration Access Control188 Access Rule Configuration 189 802.1X Configuration Port Authentication190 Port Authentication 191 192 193 Port authentication status information 194 Port Summary  To access the port Summary screenXS712T Smart Switch Port authentication status information 195 Ieee 802.1X port summary information 196 Traffic Control MAC Filter ConfigurationXS712T Smart Switch Ieee 802.1X port summary information 197  To delete a configured MAC filter 198 MAC filter summary information MAC Filter Summary To display the MAC filter summary screen 199 Storm Control 200 Port Security Configuration 201 Port security violation information Port Security Interface Configuration202 203 Dynamic MAC address table information Security MAC Address204 Protected Ports Membership Private Vlan Configuration205 Private Vlan type table information Private Vlan Association Configuration206 Private Vlan association table information Private Vlan Port Mode Configuration207 Private Vlan Host Interface Configuration 208 Private Vlan host interface table information 209 Private Vlan Promiscuous Interface Configuration 210 Private Vlan promiscuous interface table information 211 Configuring Access Control Lists 212 ACL Wizard 213  To remove a rule 214  To change the name of a MAC ACL  To add a MAC ACL Select Security Basic MAC ACL215  To delete a MAC ACL MAC Rules216  To delete a rule  To change the match criteria for a rule217 MAC Binding Configuration 218 MAC binding table information MAC Binding Table219  To delete an IP ACL 220  To add IP rules Select Security ACL Advanced IP Rules IP Rules221  To delete and IP ACL rule IP Extended Rules To modify the match criteria for an ACL rule 222 223 224 IPv6 ACL 225  To delete an IPv6 ACL IPv6 Rules To add an IPv6 ACL Select Security ACL Advanced IPv6 ACL 226 227 228  To delete an IPv6 rule 229 IP Binding Configuration 230 IP binding table information IP Binding Table231  To delete a Vlan binding Vlan Binding Table232 Switch Statistics 233 Switch statistics 234 XS712T Smart Switch Switch statistics 235 Port statistics Port Statistics236 XS712T Smart Switch Port statistics  To reset the counters for all interfaces on the switch To reset the counters for a specific interface 237 Port Detailed Statistics 238 Detailed interface statistics 239 XS712T Smart Switch Detailed interface statistics 240 241 242 243 244 EAP statistics EAP Statistics245 XS712T Smart Switch EAP statistics 246 Cable Test 247 Cable information Logs248 Memory Log 249 Flash Log 250 251 Server Log 252  To delete an existing host  To modify the settings for an existing host To add a remote syslog host log server 253 Trap log statistics Trap Logs To view trap log information Trap log information Event log information Event Logs To view the event logs 255 Mirroring 256  To delete a mirrored port 257 258 Device Reboot Reset259 Upload Factory Default260 Tftp File Upload 261 Http File Upload 262 Tftp File Download Download263 264 Http File Download 265 Copy File Management266 Dual Image Configuration 267 Dual Image Status 268 Network Utilities 269 270  To modify switch information Configure the Device271 Click Change Password Change the Switch Password To change the switch password 272 Click Upload Configuration Manage the Switch Configuration and FirmwareUpload and Download the Configuration 273 Click Download Configuration 274  To upgrade your firmware Upgrade the Firmware275 276 View and Manage Tasks 277 278 Ping Troubleshooting Configuration Menu279 280 Ping IPv6 281 TraceRoute 282 Troubleshooting chart Troubleshooting Chart283 284 Virtual Local Area Networks VLANs 285 Sample Vlan Configuration 286 Access Control Lists ACLs 287 Destination MAC Mask Ffff MAC ACL Example ConfigurationAssign Queue Match Every. False CoS Vlan ID Match Every. False Source IP Address Sample Standard IP ACL ConfigurationRule ID Action. Deny Rule ID Differentiated Services DiffServ 290 DiffServ Traffic Classes Class291 Traffic Conditioning Policy Create Policies292 Protocol Type. UDP Source IP Address Sample DiffServ ConfigurationClass Name. Class1 Class Type. All Destination IP Address Destination Mask Assign Queue Policy Attribute. Simple Policy 802.1X294 295 Secret Configured. Yes Sample 802.1X Configuration296 Mstp 297 298 Switch 1 Switch 2 Switch 3 Sample Mstp Configuration299 MST ID Priority Vlan ID MST ID300 Vlan Routing Overview Sample Vlan Routing ConfigurationVlan Routing with a Static Route 301 302 Smart Switch specifications XS712T Smart Switch Specifications303 Switch features and defaults XS712T Switch Features and Defaults304 XS712T Smart Switch Switch features and defaults 305 306 Bestätigung des Herstellers/Importeurs Netgear Wired ProductsCertificate of the Manufacturer/Importer FCC Caution Edoc in Languages of the European Community Europe EU Declaration of Conformity308 FCC Guidelines for Human Exposure FCC Requirements for Operation in the United StatesFCC Information to User FCC Declaration Of Conformity FCC Radio Frequency Interference Warnings & Instructions 310