xStack® DGS-3120 Series Managed Switch Web UI Reference Guide
240
Figure 8–54 Authentication Server Settings window
The fields that can be configured are described below:
Parameter
Description
IP Address
The IP address of the remote server host to add.
Protocol
The protocol used by the server host. The user may choose one of the following:
TACACS
- Enter this parameter if the server host utilizes the TACACS protocol.
XTACACS
- Enter this parameter if the server host utilizes the XTACACS protocol.
- Enter this parameter if the server host utilizes the protocol.
RADIUS
- Enter this parameter if the server host utilizes the RADIUS protocol.
Key
Authentication key to be shared with a configured or RADIUS servers
only. Specify an alphanumeric string up to 254 characters.
Port (1-65535)
Enter a number between
1
and
65535
to define the virtual port number of the
authentication protocol on a server host. The default port number is
49
for
TACACS/XTACACS/ servers and
1813
for RADIUS servers but the user
may set a unique port number for higher security.
Timeout (1-255 sec)
Enter the time in seconds the Switch will wait for the server host to reply to an
authentication request. The default value is
5
seconds.
Retransmit (1-255
times)
Enter the value in the retransmit field to change how many times the device will
resend an authentication request when the TACACS server does not respond.
Click the
Apply
button to accept the changes made.
NOTE:
More than one authentication protocol can be run on the same physical server host but,
remember that TACACS/XTACACS/ are separate entities and are not compatible
with each other.
Login Method Lists Settings
User-defined or default Login Method List of authentication techniques can be configured for users logging on to
the Switch. The sequence of techniques implemented in this command will affect the authentication result. For
example, if a user enters a sequence of techniques, for example TACACS - XTACACS- local, the Switch will send
an authentication request to the first TACACS host in the server group. If no response comes from the server host,
the Switch will send an authentication request to the second TACACS host in the server group and so on, until the
list is exhausted. At that point, the Switch will restart the same sequence with the following protocol listed,
XTACACS. If no authentication takes place using the XTACACS list, the local account database set in the Switch is
used to authenticate the user. When the local method is used, the privilege level will be dependent on the local
account privilege configured on the Switch.
Successful login using any of these techniques will give the user a "User" privilege only. If the user wishes to
upgrade his or her status to the administrator level, the user must use the
Enable Admin
window, in which the user
must enter a previously configured password, set by the administrator.
To view this window, click
Security > Access Authentication Control > Login Method Lists Settings
as shown
below:
Содержание xStack DGS-3120-24TC
Страница 1: ......