Dell PowerConnect 3248 User Manual - Page 12



Addendum to the 3248 and 5224 User’s Guides
www.dell.com | support.dell.com

------- -------- ------- -------------- --------------
0       admin    1.5     cipher-3des    session-started
Console#

Authentication Settings

Similar to RADIUS, TACACS+ is a system that uses a central server to control authentication for access to switches on the network. The RADIUS Settings page was renamed "Authentication Settings" and updated to include TACACS+.

The RADIUS system uses User Datagram Protocol (UDP) while TACACS+ uses Transmission Control Protocol (TCP). UDP only offers best-effort delivery, while TCP offers a connection-oriented transport. Also, note that RADIUS encrypts only the password in the access-request packet from the client to the server, while TACACS+ encrypts the entire body of the packet.
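
The following is an added example, not part of the Dell manual: it builds a RADIUS Access-Request using the User-Password hiding defined in RFC 2865 section 5.2 and shows that the user name travels in cleartext while only the password is obscured. The shared secret, authenticator, identifier and password are constructed sample values.

```python
import hashlib
import struct

USER_NAME, USER_PASSWORD = 1, 2  # RADIUS attribute types (RFC 2865)

def hide_password(password, secret, authenticator):
    """RFC 2865 5.2: XOR each 16-byte block with MD5(secret + previous block)."""
    padded = password + b"\x00" * (-len(password) % 16)
    hidden, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        pad = hashlib.md5(secret + prev).digest()
        prev = bytes(p ^ k for p, k in zip(padded[i:i + 16], pad))
        hidden += prev
    return hidden

def unhide_password(hidden, secret, authenticator):
    """Server side: the same keystream, recoverable only with the shared secret."""
    clear, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        pad = hashlib.md5(secret + prev).digest()
        clear += bytes(c ^ k for c, k in zip(hidden[i:i + 16], pad))
        prev = hidden[i:i + 16]
    return clear.rstrip(b"\x00")

def access_request(identifier, authenticator, username, password, secret):
    """Build an Access-Request (code 1) carrying User-Name and User-Password."""
    attrs = b""
    for attr_type, value in ((USER_NAME, username),
                             (USER_PASSWORD, hide_password(password, secret, authenticator))):
        attrs += struct.pack("!BB", attr_type, len(value) + 2) + value
    return struct.pack("!BBH", 1, identifier, 20 + len(attrs)) + authenticator + attrs

def parse_attributes(packet):
    """What any observer on the path can read without the shared secret."""
    attrs, pos = {}, 20
    (length,) = struct.unpack("!H", packet[2:4])
    while pos + 2 <= length and packet[pos + 1] >= 2:  # stop on a malformed length
        attr_type, attr_len = packet[pos], packet[pos + 1]
        attrs[attr_type] = packet[pos + 2:pos + attr_len]
        pos += attr_len
    return attrs

# Constructed sample values; a real client uses a random 16-byte authenticator.
SECRET, AUTHENTICATOR = b"constructed-shared-secret", bytes(range(16))
PASSWORD = b"constructed-password-123"
PACKET = access_request(7, AUTHENTICATOR, b"$Enable", PASSWORD, SECRET)

if __name__ == "__main__":
    print(parse_attributes(PACKET))
```

The password's confidentiality here rests entirely on the shared secret configured on both the switch and the RADIUS server.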

Both RADIUS and TACACS+ authentication control management access using the console port, Web browser, or Telnet. These access options must be configured on the authentication server together with user names, passwords, and specific privilege levels for each user name/password pair.

NOTICE: If you are using only a RADIUS server for authentication, you must configure a special user name on the server for the CLI enable command that allows access to the Privileged Exec level from the Normal Exec level. The user name to configure on the RADIUS server for this command is $Enable.

NOTE: When you are setting up privilege levels on a RADIUS or TACACS+ server, level 0 allows Normal Exec access to the switch, and level 15 allows Privileged Exec access.

The Switch/Security/Authentication Settings page contains the following fields that can be edited:

• Authentication Sequence — Select the authentication, or authentication sequence, required: (Default: Local)
  - Local — The switch authenticates the user.
  - RADIUS — A RADIUS server authenticates the user.
  - TACACS — A TACACS+ server authenticates the user.
  - Local, RADIUS — The switch attempts to authenticate the user first, and then a RADIUS server attempts to authenticate the user.