Chapter 20 Authentication & Accounting
20.1.2 RADIUS and TACACS+
RADIUS and TACACS+ are security protocols used to authenticate users by means of an external server instead of (or in addition to) an internal device user database that is limited to the memory capacity of the device. In essence, RADIUS and TACACS+ authentication both allow you to validate an unlimited number of users from a central location.
The following table describes some key differences between RADIUS and TACACS+.
Table 46 RADIUS vs. TACACS+
| RADIUS | TACACS+ |
Transport | UDP (User Datagram Protocol) | TCP (Transmission Control Protocol) |
Protocol |
|
|
|
|
|
Encryption | Encrypts the password sent for | All communication between the client (the |
| authentication. | Switch) and the TACACS server is |
|
| encrypted. |
|
|
|
20.2 Authentication and Accounting Screens
To enable authentication, accounting or both on the Switch. First, configure your authentication server settings (RADIUS, TACACS+ or both) and then set up the authentication priority and accounting settings.
Click Advanced Application > Auth and Acct in the navigation panel to display the screen as shown.
Figure 76 Advanced Application > Auth and Acct
20.2.1 RADIUS Server Setup
Use this screen to configure your RADIUS server settings. See Section 20.1.2 on page 146 for more information on RADIUS servers. Click on the RADIUS Server Setup link in the Authentication and Accounting screen to view the screen as shown.
146 |
| |
| ||
|
|
|