Chapter 20 Authentication & Accounting

20.1.2 RADIUS and TACACS+

RADIUS and TACACS+ are security protocols used to authenticate users by means of an external server instead of (or in addition to) an internal device user database that is limited to the memory capacity of the device. In essence, RADIUS and TACACS+ authentication both allow you to validate an unlimited number of users from a central location.

The following table describes some key differences between RADIUS and TACACS+.

Table 46 RADIUS vs. TACACS+

 

RADIUS

TACACS+

Transport

UDP (User Datagram Protocol)

TCP (Transmission Control Protocol)

Protocol

 

 

 

 

 

Encryption

Encrypts the password sent for

All communication between the client (the

 

authentication.

Switch) and the TACACS server is

 

 

encrypted.

 

 

 

20.2 Authentication and Accounting Screens

To enable authentication, accounting or both on the Switch. First, configure your authentication server settings (RADIUS, TACACS+ or both) and then set up the authentication priority and accounting settings.

Click Advanced Application > Auth and Acct in the navigation panel to display the screen as shown.

Figure 76 Advanced Application > Auth and Acct

20.2.1 RADIUS Server Setup

Use this screen to configure your RADIUS server settings. See Section 20.1.2 on page 146 for more information on RADIUS servers. Click on the RADIUS Server Setup link in the Authentication and Accounting screen to view the screen as shown.

146

 

ES-2024 Series User’s Guide