Manualshelf

Specifications

ManualsBrandsEnterasys ManualsNetworkingMatrix-V V2H124-24
51525354555657585960
User Authentication
2-25
2
CLI – Assign a user name to access-level 15 (i.e., administrator), then specify the
password.
Configuring RADIUS/TACACS Logon Authentication
Use the Authentication Settings menu to restrict management access based on
specified user names and passwords. You can manually configure access rights on
the switch, or you can use a remote access authentication server based on RADIUS
or TACACS+ protocols.
Remote Authentication Dial-in User Service (RADIUS) and Terminal Access
Controller Access Control System Plus (TACACS+) are logon authentication
protocols that use software running on a central server to control access to
RADIUS-aware or TACACS- aware devices on the network. An authentication
server contains a database of multiple user name/password pairs with associated
privilege levels for each user that requires management access to the switch.
RADIUS uses UDP while TACACS+ uses TCP. UDP only offers best effort delivery,
while TCP offers a connection-oriented transport. Also, note that RADIUS encrypts
only the password in the access-request packet from the client to the server, while
TACACS+ encrypts the entire body of the packet.
Command Usage
By default, management access is always checked against the authentication
database stored on the local switch. If a remote authentication server is used, you
must specify the authentication sequence and the corresponding parameters for
the remote authentication protocol. Local and remote logon authentication control
management access via the console port, web browser, or Telnet.
RADIUS uses UDP while TACACS+ uses TCP. UDP only offers best effort
delivery, while TCP offers a connection-oriented transport. Also, note that RADIUS
encrypts only the password in the access-request packet from the client to the
server, while TACACS+ encrypts the entire body of the packet.
RADIUS and TACACS+ logon authentication assign a specific privilege level for
each user name/password pair. The user name, password, and privilege level
must be configured on the authentication server.
You can specify up to three authentication methods for any user to indicate the
authentication sequence. For example, if you select (1) RADIUS, (2) TACACS+
and (3) Local, the user name and password on the RADIUS server is verified first.
If the RADIUS server is not available, then authentication is attempted using the
TACACS+ server, and finally the local user name and password is checked.
Command Attributes
Authentication – Select the authentication, or authentication sequence required:
- Local – User authentication is performed only locally by the switch.
- Radius – User authentication is performed using a RADIUS server only.
Console(config)#username bill access-level 15 3-24
Console(config)#username bill password 0 1
Console(config)#