C
ONFIGURING
THE
S
WITCH
3-68
Remote Authentication Dial-in User Service (RADIUS) and Terminal
Access Controller Access Control System Plus () are logon
authentication protocols that use software running on a central server to
control access to RADIUS-aware or TACACS -aware devices on the
network. An authentication server contains a database of multiple user
name/password pairs with associated privilege levels for each user that
requires management access to the switch.
RADIUS uses UDP while uses TCP. UDP only offers best
effort delivery, while TCP offers a connection-oriented transport. Also,
note that RADIUS encrypts only the password in the access-request
packet from the client to the server, while encrypts the entire
body of the packet.
Command Usage
•
By default, management access is always checked against the
authentication database stored on the local switch. If a remote
authentication server is used, you must specify the authentication
sequence and the corresponding parameters for the remote
authentication protocol. Local and remote logon authentication
control management access via the console port, web browser, or
Telnet.
•
RADIUS and logon authentication assign a specific
privilege level for each user name/password pair. The user name,
Web
Telnet
RADIUS/
server
console
1. Client attempts management access.
2. Switch contacts authentication server.
3. Authentication server challenges client.
4. Client responds with proper password or key.
5. Authentication server approves access.
6. Switch grants management access.
Summary of Contents for 8728L2 - annexe 1
Page 2: ......
Page 15: ...CONTENTS xi ...
Page 19: ...TABLES xv ...
Page 32: ...INTRODUCTION 1 10 ...
Page 46: ...INITIAL CONFIGURATION 2 14 ...
Page 177: ...PORT CONFIGURATION 3 131 Figure 3 59 Displaying Etherlike and RMON Statistics ...
Page 258: ...CONFIGURING THE SWITCH 3 212 ...
Page 524: ...COMMAND LINE INTERFACE 4 266 ...
Page 532: ...TROUBLESHOOTING B 4 ...
Page 545: ......