User manual

CHAPTER 4 | Configuring the Switch
Configuring Security
Figure 14: Authentication Server Operation
PATH
Advanced Configuration, Security, Switch, Auth Method
USAGE GUIDELINES
The switch supports the following authentication services:
- Authorization of users that access the Telnet, SSH, web, or console management interfaces on the switch.
- Accounting for users that access the Telnet, SSH, web, or console management interfaces on the switch.
- Accounting for IEEE 802.1X authenticated users that access the network through the switch. This accounting can be used to provide reports, auditing, and billing for services that users have accessed.

By default, management access is always checked against the authentication database stored on the local switch. If a remote authentication server is used, you must specify the authentication method and the corresponding parameters for the remote authentication protocol on the Network Access Server Configuration page. Local and remote logon authentication can be used to control management access via Telnet, SSH, a web browser, or the console interface.

When using RADIUS or TACACS+ logon authentication, the user name and password must be configured on the authentication server. The encryption methods used for the authentication process must also be configured or negotiated between the authentication server and logon client. This switch can pass authentication messages between the server and client that have been encrypted using MD5 (Message-Digest 5), TLS (Transport Layer Security), or TTLS (Tunneled Transport Layer Security).

[Figure 14 diagram labels: Web; RADIUS/TACACS+ server]
1. Client attempts management access.
2. Switch contacts authentication server.
3. Authentication server challenges client.
4. Client responds with proper password or key.
5. Authentication server approves access.
6. Switch grants management access.
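
Steps 2 and 5 of the sequence above, sketched for the RADIUS case as an added example (not code from this manual or the switch vendor): how an RFC 2865 Access-Request hides the logon password with MD5 and the shared secret, and how the switch side verifies a reply before granting access. It assumes plain password logon as defined in RFC 2865; the function names, the sample values used with them, and the stand-in server signer are hypothetical.

```python
# Added example: assumes standard RFC 2865 RADIUS; all names are hypothetical.
import hashlib, hmac, os, struct
ACCESS_REQUEST, ACCESS_ACCEPT = 1, 2      # RADIUS packet codes
USER_NAME, USER_PASSWORD = 1, 2           # RADIUS attribute types

def _keystream_xor(block: bytes, secret: bytes, prev: bytes) -> bytes:
    key = hashlib.md5(secret + prev).digest()
    return bytes(b ^ k for b, k in zip(block, key))

def hide_password(password: bytes, secret: bytes, req_auth: bytes) -> bytes:
    """RFC 2865 5.2: pad to 16-byte blocks, XOR each with MD5(secret + previous ciphertext)."""
    if not 1 <= len(password) <= 128:
        raise ValueError("User-Password must be 1..128 bytes")
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", req_auth
    for i in range(0, len(padded), 16):
        prev = _keystream_xor(padded[i:i + 16], secret, prev)
        out += prev
    return out

def unhide_password(hidden: bytes, secret: bytes, req_auth: bytes) -> bytes:
    """Server side: reverse hide_password using the same shared secret."""
    out, prev = b"", req_auth
    for i in range(0, len(hidden), 16):
        out += _keystream_xor(hidden[i:i + 16], secret, prev)
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00")

def attr(kind: int, value: bytes) -> bytes:
    return struct.pack("!BB", kind, len(value) + 2) + value

def build_access_request(ident: int, user: bytes, password: bytes, secret: bytes) -> bytes:
    req_auth = os.urandom(16)             # unpredictable Request Authenticator
    attrs = attr(USER_NAME, user) + attr(USER_PASSWORD, hide_password(password, secret, req_auth))
    return struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs)) + req_auth + attrs

def sign_reply(code: int, request: bytes, secret: bytes, attrs: bytes = b"") -> bytes:
    """Constructed stand-in for the server: MD5(Code+ID+Length+RequestAuth+Attributes+secret)."""
    head = struct.pack("!BBH", code, request[1], 20 + len(attrs))
    digest = hashlib.md5(head + request[4:20] + attrs + secret).digest()
    return head + digest + attrs

def reply_is_authentic(reply: bytes, request: bytes, secret: bytes) -> bool:
    """Switch side: accept a reply only if ID, length and authenticator all check out."""
    length_ok = len(reply) >= 20 and struct.unpack("!H", reply[2:4])[0] == len(reply)
    if not length_ok or reply[1] != request[1]:
        return False
    expected = hashlib.md5(reply[:4] + request[4:20] + reply[20:] + secret).digest()
    return hmac.compare_digest(expected, reply[4:20])
```

A reply that fails `reply_is_authentic` (wrong shared secret, altered code or attributes, or a reply to a different request) should be dropped rather than treated as approval in step 5.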