4 Configuration
DGS-1210 series Metro Ethernet Managed Switch User Manual
102
NOTE:
The user must configure Authentication
Server Hosts using the Authentication Server
Hosts page before adding hosts to the list.
Authentication Server Hosts must be configured
for their specific protocol on a remote centralized
server before this function can work properly.
NOTE:
The two built in server groups can only
have server hosts running the same TACACS
daemon. The and RADIUS protocols
are separate entities and are not compatible with
each other.
Security > Access Authentication Control > Authentication Server
This Authentication Server page will set user-defined
Authentication Server Hosts
for the and
RADIUS security protocols on the Switch. When a user attempts to access the Switch with Authentication
Policy enabled, the Switch will send authentication packets to a remote or RADIUS server host on
a remote host. The or RADIUS server host will then verify or deny the request and return the
appropriate message to the Switch. More than one authentication protocol can be run on the same physical
server host but, remember that and RADIUS are separate entities and are not compatible with
each other. The maximum supported number of server hosts is
16
.
Figure 4.153 – Security > Access Authentication control > Authentication Server
To add an Authentication Server Host:
IP Address:
Select IPv4 or IPv6 and enter the IP address.
Protocol:
The protocol used by the server host. The user may choose one of the following:
–
Enter this parameter if the server host utilizes the protocol.
RADIUS –
Enter this parameter if the server host utilizes the RADIUS protocol.
Key:
Authentication key to be shared with a configured or RADIUS servers only. Specify an
alphanumeric string up to
254
characters.
Port (1 - 65535):
Enter a number between
1
and
65535
to define the virtual port number of the
authentication protocol on a server host. The default port number is
49
for server and
1813
for
RADIUS servers but the user may set a unique port number for higher security.
Timeout (1 - 255):
Enter the time in seconds the Switch will wait for the server host to reply to an
authentication request. The default value is
5
seconds.
Retransmit (1 - 255):
Enter the value in the retransmit field to change how many times the device will resend
an authentication request when the TACACS server does not respond.
Click
Apply
to add a new Authentication Server Host.
NOTE:
More than one authentication protocol can
be run on the same physical server host.
Summary of Contents for DGS-1210 Series
Page 159: ...140 ...