User manual
C
HAPTER
14
| Security Measures
Configuring Local/Remote Logon Authentication
– 162 –
ES-2000 Series
CONFIGURING LOCAL/REMOTE LOGON AUTHENTICATION
Use the Security > AAA > System Authentication page to specify local or
remote authentication. Local authentication restricts management access
based on user names and passwords manually configured on the switch.
Remote authentication uses a remote access authentication server based
on RADIUS or TACACS+ protocols to verify management access.
COMMAND USAGE
◆ By default, management access is always checked against the
authentication database stored on the local switch. If a remote
authentication server is used, you must specify the authentication
sequence. Then specify the corresponding parameters for the remote
authentication protocol using the Security > AAA > Server page. Local
and remote logon authentication control management access via a web
browser.
◆ You can specify up to three authentication methods for any user to
indicate the authentication sequence. For example, if you select
(1) RADIUS, (2) TACACS and (3) Local, the user name and password
on the RADIUS server is verified first. If the RADIUS server is not
available, then authentication is attempted using the TACACS+ server,
and finally the local user name and password is checked.
PARAMETERS
These parameters are displayed:
◆ Authentication Sequence – Select the authentication, or
authentication sequence required:
■
Local – User authentication is performed only locally by the switch.
■
RADIUS – User authentication is performed using a RADIUS server
only.
■
TACACS – User authentication is performed using a TACACS+
server only.
■
[authentication sequence] – User authentication is performed by up
to three authentication methods in the indicated sequence.
WEB INTERFACE
To configure the method(s) of controlling management access:
1. Click Security, AAA, System Authentication.
2. Specify the authentication sequence (i.e., one to three methods).
3. Click Apply.