Chapter 3 General Management of the Switch 3-29
RADIUS-aware or TACACS+-aware devices on the network. An authentication
server contains a database of multiple user name/password pairs with associated
privilege levels for each user that requires management access to a switch.
Note – When setting up privilege levels on a RADIUS or TACACS+ server,
remember that level 0 allows guest (Normal Exec) access to the switch. Only level 15
allows administrator (Privileged Exec) access.
RADIUS uses UDP while TACACS+ uses TCP. UDP only offers best-effort
delivery, while TCP offers a connection-oriented transport. Also, note that
RADIUS encrypts only the password in the access-request packet from the client
to the server, while TACACS+ encrypts the entire body of the packet.
RADIUS and TACACS+ logon authentication controls management access
through the console port, Web browser, or Telnet. These access options must be
configured on the authentication server.
RADIUS and TACACS+ logon authentication assigns a specific privilege level for
each user name/password pair. The user name, password, and privilege level
must be configured on the authentication server.
You can specify one to three authentication methods for any user to indicate the
authentication sequence. For example, if you select (1) RADIUS and (2) Local, the
user name and password on the RADIUS server are verified first. If the RADIUS
server is not available, then the local user name and password are checked.
When configuring user authentication using the web interface or CLI, the following
parameters are displayed or can be configured:
Authentication Mechanisms
Require User Authentication – The operating status of user authentication.
Preference – The switch attempts to authenticate the user based on the
specified sequence.
Authentication Server Settings
Server IP Address – The address of the authentication server. The default
is 10.1.0.1.
Server Port Number – The UDP or TCP network port (between 1 and 65,535) of
the authentication server used for authentication messages. The default is 1812.
Encryption Key – The password (between 1 and 20 characters) used to
authenticate logon access for the client. Do not use blank spaces in the string.
No. of Retries [7] – The number of times (between 1 and 30) the switch tries to
authenticate logon access through the authentication server. The default is 2.
[7] Applies only to RADIUS server authentication.
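The authentication sequence described above (fall-through from RADIUS to Local only when the server is unavailable, the retry count applying to RADIUS only, and the level 0 / level 15 privilege mapping) modelled as a small Python program. This is an added illustration, not code from the switch or its manual; the backend callables, the sample user table and the rule that an explicit reject ends the sequence are assumptions.

```python
UNAVAILABLE = "unavailable"   # the server did not answer
REJECT = "reject"             # the server answered and denied the login

# Privilege levels as the manual states them: 0 = guest, 15 = administrator.
def exec_mode(level: int) -> str:
    if level == 15:
        return "Privileged Exec"
    if level == 0:
        return "Normal Exec"
    return "no management access"   # assumption: other levels grant neither mode

def query_with_retries(backend, user: str, pw: str, tries: int):
    """Re-query only while the server is unavailable; any answer is final."""
    result = UNAVAILABLE
    for _ in range(max(1, tries)):      # manual counts total tries (1..30)
        result = backend(user, pw)
        if result != UNAVAILABLE:
            break
    return result

def authenticate(user, pw, preference, backends, radius_retries=2):
    """Walk the preference list (one to three methods, e.g. ["RADIUS", "Local"]).
    A backend returns a privilege level (int), REJECT or UNAVAILABLE.
    Only an unavailable server falls through to the next method; an explicit
    reject ends the sequence (assumption: the manual only describes fall-through
    on unavailability). Returns the privilege level, or None if login fails."""
    for name in preference[:3]:
        tries = radius_retries if name == "RADIUS" else 1   # footnote 7: RADIUS only
        result = query_with_retries(backends[name], user, pw, tries)
        if result == UNAVAILABLE:
            continue
        return None if result == REJECT else result
    return None

# Constructed sample backends: a RADIUS server that never answers, and a local
# user table (constructed values, not from the manual).
ATTEMPTS = {"RADIUS": 0}
def dead_radius(user, pw):
    ATTEMPTS["RADIUS"] += 1
    return UNAVAILABLE

LOCAL_USERS = {"admin": ("s3cret", 15), "guest": ("guest", 0)}
def local(user, pw):
    entry = LOCAL_USERS.get(user)
    return entry[1] if entry and entry[0] == pw else REJECT

BACKENDS = {"RADIUS": dead_radius, "Local": local}
```

With the default of two retries, a login against a silent RADIUS server costs two RADIUS round-trips before the local table is consulted, which is the delay an operator sees when the server is down.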