C
ONFIGURING
THE
S
WITCH
3-70
Remote Authentication Dial-in User Service (RADIUS) and Terminal
Access Controller Access Control System Plus () are logon
authentication protocols that use software running on a central server to
control access to RADIUS-aware or TACACS -aware devices on the
network. An authentication server contains a database of multiple user
name/password pairs with associated privilege levels for each user that
requires management access to the switch.
RADIUS uses UDP while uses TCP. UDP only offers best
effort delivery, while TCP offers a connection-oriented transport. Also,
note that RADIUS encrypts only the password in the access-request
packet from the client to the server, while encrypts the entire
body of the packet.
Command Usage
•
By default, management access is always checked against the
authentication database stored on the local switch. If a remote
authentication server is used, you must specify the authentication
sequence and the corresponding parameters for the remote
authentication protocol. Local and remote logon authentication
control management access via the console port, web browser, or
Telnet.
Web
Telnet
RADIUS/
server
console
1. Client attempts management access.
2. Switch contacts authentication server.
3. Authentication server challenges client.
4. Client responds with proper password or key.
5. Authentication server approves access.
6. Switch grants management access.
Summary of Contents for 6128L2
Page 2: ......
Page 21: ...CONTENTS xvii Glossary Index ...
Page 22: ...CONTENTS xviii ...
Page 26: ...TABLES xxii ...
Page 40: ...INTRODUCTION 1 10 ...
Page 54: ...INITIAL CONFIGURATION 2 14 ...
Page 193: ...PORT CONFIGURATION 3 139 Figure 3 61 Displaying Etherlike and RMON Statistics ...
Page 257: ...QUALITY OF SERVICE 3 203 Figure 3 90 Configuring Policy Maps ...
Page 313: ...COMMAND GROUPS 4 13 PE Privileged Exec VC VLAN Database Configuration ...
Page 592: ...TROUBLESHOOTING B 4 ...
Page 605: ......