AT-S63 Management Software Features Guide
Section IX: Management Security
451
Guidelines
Here are the main steps to using the or RADIUS client on the
switch.
1. Install a or RADIUS server on one or more of your network
servers or management stations. Authentication protocol server
software is not available from Allied Telesis.
2. Configure the or RADIUS authentication server.
Here are the guidelines to follow when configuring the server for new
manager accounts:
– To create a new manager account, enter the username and
password combination that the network manager will use to log
onto the switch when managing the device. The maximum length
for a username is 38 alphanumeric characters and spaces, and the
maximum length for a password is 16 alphanumeric characters and
spaces.
–
You must assign each account an authorization level. This differs
depending on the server software. controls this through
the sixteen (0 to 15) different levels of the Privilege attribute. A
privilege level of “0” gives the combination Operator status. Any
value from 1 to 15 gives the combination Manager status.
For RADIUS, management level is controlled by the Service Type
attribute. This attribute has 11 different values; only two apply to
the AT-S63 Management Software. A value of Administrative for
this attribute gives the username and password combination
Manager access. A value of NAS Prompt assigns the combination
Operator status.
Note
This manual does not explain how to configure a or
RADIUS server. For instructions, refer to the documentation
included with the server software.
Here are the guidelines to follow when configuring the server for
supplicant accounts for 802.1x port-based access control:
– 802.1x is only supported with a RADIUS server.
– To create an account for a supplicant connected to an
authenticator port set to the 802.1x authentication mode, enter a
username and password combination. The maximum length for a
username is 38 alphanumeric characters and spaces, and the
Summary of Contents for AT-S63
Page 14: ...Figures 14 ...
Page 18: ...Tables 18 ...
Page 28: ...28 Section I Basic Operations ...
Page 58: ...Chapter 1 Overview 58 ...
Page 76: ...Chapter 2 AT 9400Ts Stacks 76 Section I Basic Operations ...
Page 96: ...Chapter 5 MAC Address Table 96 Section I Basic Operations ...
Page 114: ...Chapter 8 Port Mirror 114 Section I Basic Operations ...
Page 116: ...116 Section II Advanced Operations ...
Page 146: ...Chapter 12 Access Control Lists 146 Section II Advanced Operations ...
Page 176: ...Chapter 14 Quality of Service 176 Section II Advanced Operations ...
Page 196: ...196 Section III Snooping Protocols ...
Page 204: ...Chapter 18 Multicast Listener Discovery Snooping 204 Section III Snooping Protocols ...
Page 216: ...Chapter 20 Ethernet Protection Switching Ring Snooping 216 Section III Snooping Protocols ...
Page 218: ...218 Section IV SNMPv3 ...
Page 234: ...234 Section V Spanning Tree Protocols ...
Page 268: ...268 Section VI Virtual LANs ...
Page 306: ...Chapter 27 Protected Ports VLANs 306 Section VI Virtual LANs ...
Page 320: ...320 Section VII Internet Protocol Routing ...
Page 360: ...Chapter 30 BOOTP Relay Agent 360 Section VII Routing ...
Page 370: ...Chapter 31 Virtual Router Redundancy Protocol 370 Section VII Routing ...
Page 372: ...372 Section VIII Port Security ...
Page 402: ...Chapter 33 802 1x Port based Network Access Control 402 Section VIII Port Security ...
Page 404: ...404 Section IX Management Security ...
Page 436: ...Chapter 36 PKI Certificates and SSL 436 Section IX Management Security ...
Page 454: ...Chapter 38 TACACS and RADIUS Protocols 454 Section IX Management Security ...
Page 462: ...Chapter 39 Management Access Control List 462 Section IX Management Security ...
Page 532: ...Appendix D MIB Objects 532 ...