Use the Security > AAA > Server page to configure the message exchange
parameters for RADIUS or TACACS+ remote access authentication servers.
Remote Authentication Dial-in User Service (RADIUS) and Terminal Access Controller
Access Control System Plus (TACACS+) are logon authentication protocols that
use software running on a central server to control access to RADIUS-aware or
TACACS-aware devices on the network. An authentication server contains a database
of multiple user name/password pairs with associated privilege levels for each
user that requires management access to the switch.
RADIUS uses UDP, while TACACS+ uses TCP. UDP offers only best-effort delivery, while TCP offers a connection-oriented transport. Note also that RADIUS encrypts only the password in the access-request packet from the client to the server, while TACACS+ encrypts the entire body of the packet.
Configure Server
Provides globally applicable RADIUS settings.
Specifies one of five RADIUS servers that may be configured. The switch attempts authentication using the listed sequence of servers. The process ends when a server either approves or denies access to a user.
Address of authentication server. (A Server Index entry must be selected to display this item.)
Network (UDP) port on authentication server used for accounting messages. (Range: 1-65535; Default: 1813)
Network (UDP) port on authentication server used for authentication messages. (Range: 1-65535; Default: 1812)
The number of seconds the switch waits for a reply from the RADIUS server before it resends the request. (Range: 1-65535; Default: 5)
Number of times the switch tries to authenticate logon access via the authentication server. (Range: 1-30; Default: 2)
Mark this box to set or modify the encryption key.
Encryption key used to authenticate logon access for client. Enclose any string containing blank spaces in double quotes. (Maximum length: 48 characters)
Re-type the string entered in the previous field to ensure no errors were made. The switch will not change the encryption key if these two fields do not match.
Provides globally applicable TACACS+ settings.
Specifies the index number of the server to be configured. The switch currently supports only one TACACS+ server.
Address of the TACACS+ server. (A Server Index entry must be selected to display this item.)
Network (TCP) port of TACACS+ server used for authentication messages. (Range: 1-65535; Default: 49)
The number of seconds the switch waits for a reply from the TACACS+ server before it resends the request. (Range: 1-540; Default: 5)
Number of times the switch tries to authenticate logon access via the authentication server. (Range: 1-30; Default: 2)
Mark this box to set or modify the encryption key.
Encryption key used to authenticate logon access for client. Enclose any string containing blank spaces in double quotes. (Maximum length: 48 characters)
Re-type the string entered in the previous field to ensure no errors were made. The switch will not change the encryption key if these two fields do not match.
Configure Group
Select RADIUS or TACACS+ server.
Defines a name for the RADIUS or TACACS+ server group. (Range: 1-64 characters)
Specifies the server and sequence to use for the group. (Range: 1-5 for RADIUS; 1 for TACACS+)
When specifying the priority sequence for a server, the server index must already be defined.