Cisco WS-C4507R-E Software Guide - Page 448
Understanding How RADIUS Authentication Works
Catalyst 4500 Series, Catalyst 2948G, Catalyst 2980G Switches Software Configuration Guide-Release 8.1, 78-15486-01, page 30-4

Chapter 30 Configuring Switch Access Using AAA
Understanding How Authentication Works

You can configure a TACACS+ key on the client and server. If you configure a key on the switch, it must be the same as the one that is configured on the TACACS+ servers. The TACACS+ clients and servers use the key to encrypt all TACACS+ transmitted packets. If you do not configure a TACACS+ key, packets are not encrypted. The TACACS+ key must be fewer than 100 characters.

With TACACS+, you can do the following:

• Enable or disable TACACS+ authentication to determine whether a user has permission to access the switch
• Enable or disable TACACS+ authentication to determine whether a user has permission to enter privileged mode
• Specify a key that is used to encrypt the protocol packets
• Specify the server on which the TACACS+ server daemon resides
• Set the number of login attempts that are allowed
• Set the timeout interval for server daemon response
• Enable or disable the directed-request option

TACACS+ authentication is disabled by default. You can enable TACACS+ authentication and local authentication at the same time. If local authentication is disabled and you then disable all other authentication methods, local authentication is reenabled automatically.

Understanding How RADIUS Authentication Works

RADIUS is a client-server authentication and authorization access protocol that is used by the NAS to authenticate users attempting to connect to a network device. The NAS functions as a client, passing user information to one or more RADIUS servers. The NAS permits or denies network access to a user based on the response it receives from one or more RADIUS servers. RADIUS uses UDP for transport between the RADIUS client and server.

You can configure a RADIUS key on the client and server. If you configure a key on the client, it must be the same as the one that is configured on the RADIUS servers. The RADIUS clients and servers use the key to encrypt all RADIUS transmitted packets. If you do not configure a RADIUS key, packets are not encrypted. The key itself is never transmitted over the network.

Note: For more information about the RADIUS protocol, refer to RFC 2138, "Remote Authentication Dial In User Service (RADIUS)."

With RADIUS, you can do the following:

• Enable or disable RADIUS authentication to control login access
• Enable or disable RADIUS authentication to control enable access
• Specify the IP addresses and UDP ports of the RADIUS servers
• Specify the RADIUS key that is used to encrypt RADIUS packets
• Specify the RADIUS server timeout interval
• Specify the RADIUS retransmit count
• Specify the RADIUS server deadtime interval
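
As an added example (not from the Cisco guide or any Cisco code): RFC 2138, cited above, uses the shared key as an MD5 input to hide the User-Password attribute and to compute the Response Authenticator that the client checks on each reply, which is why the key itself never appears on the wire. The function names and the sample key and authenticator are assumptions made for illustration.

```python
import hashlib
import hmac
import struct


def hide_password(password: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """Client (NAS) side: build the User-Password value per RFC 2138, section 5.2."""
    if len(request_auth) != 16 or not 1 <= len(password) <= 128:
        raise ValueError("need a 16-octet authenticator and a 1-128 octet password")
    padded = password + b"\x00" * (-len(password) % 16)  # pad to a 16-octet multiple
    hidden, prev = b"", request_auth
    for i in range(0, len(padded), 16):
        mask = hashlib.md5(secret + prev).digest()  # the key only ever feeds MD5
        prev = bytes(p ^ m for p, m in zip(padded[i:i + 16], mask))
        hidden += prev  # each hidden block seeds the mask for the next one
    return hidden


def recover_password(hidden: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """Server side: undo the hiding with its own copy of the key."""
    if not hidden or len(hidden) % 16:
        raise ValueError("hidden value must be a non-empty multiple of 16 octets")
    plain, prev = b"", request_auth
    for i in range(0, len(hidden), 16):
        mask = hashlib.md5(secret + prev).digest()
        plain += bytes(c ^ m for c, m in zip(hidden[i:i + 16], mask))
        prev = hidden[i:i + 16]
    return plain.rstrip(b"\x00")  # strip the null padding


def response_authenticator(code, ident, request_auth, attributes, secret) -> bytes:
    """MD5(Code + ID + Length + RequestAuth + Attributes + Secret), RFC 2138 section 3."""
    header = struct.pack("!BBH", code, ident, 20 + len(attributes))
    return hashlib.md5(header + request_auth + attributes + secret).digest()


def reply_is_authentic(code, ident, request_auth, attributes, received, secret) -> bool:
    """Client side: accept a reply only if the server proved knowledge of the key."""
    expected = response_authenticator(code, ident, request_auth, attributes, secret)
    return hmac.compare_digest(expected, received)


# Constructed sample values, not taken from the guide. A real client draws the
# 16-octet Request Authenticator at random for every request.
KEY = b"example-shared-key"
REQUEST_AUTH = bytes(range(16))

if __name__ == "__main__":
    hidden = hide_password(b"user-login-password!", KEY, REQUEST_AUTH)
    print(len(hidden), recover_password(hidden, KEY, REQUEST_AUTH))
```

A mismatched key on either side shows up as a password that does not decode on the server and a reply that fails the authenticator check on the client.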