Chapter 22 Authentication & Accounting
22.1.2 RADIUS and TACACS+
RADIUS and TACACS+ are security protocols used to authenticate users by means of an external server instead of (or in addition to) an internal device user database that is limited to the memory capacity of the device. In essence, RADIUS and TACACS+ authentication both allow you to validate an unlimited number of users from a central location.
The following table describes some key differences between RADIUS and TACACS+.
Table 56 RADIUS vs TACACS+
| RADIUS | TACACS+ |
Transport | UDP (User Datagram Protocol) | TCP (Transmission Control Protocol) |
Protocol |
|
|
|
|
|
Encryption | Encrypts the password sent for | All communication between the client (the |
| authentication. | Switch) and the TACACS server is |
|
| encrypted. |
|
|
|
22.2 Authentication and Accounting Screens
To enable authentication, accounting or both on the Switch. First, configure your authentication server settings (RADIUS, TACACS+ or both) and then set up the authentication priority and accounting settings.
Click Advanced Application > Auth and Acct in the navigation panel to display the screen as shown.
Figure 93 Advanced Application > Auth and Acct
22.2.1 RADIUS Server Setup
Use this screen to configure your RADIUS server settings. See Section 22.1.2 on page 170 for more information on RADIUS servers and Section 22.3 on page 178 for RADIUS attributes utilized by the authentication and accounting features on the Switch. Click on the RADIUS Server Setup link in the Authentication and Accounting screen to view the screen as shown.
170 |
| |
| ||
|
|
|