Product Manual
Product Manual
Product Manual
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
DES-3526 / DES-3526DC Fast Ethernet Layer 2 Switch<br />
the Switch, the Switch will ask the first Authentication Server Hosts for authentication. If no<br />
authentication is made, the second server host in the list will be queried, and so on. The built-in<br />
Authentication Server Groups can only have hosts that are running the specified protocol. For<br />
example, the TACACS Authentication Server Groups can only have TACACS Authentication Server<br />
Hosts.<br />
The administrator for the Switch may set up six different authentication techniques per user-defined<br />
method list (TACACS/XTACACS/TACACS+/RADIUS/local/none) for authentication. These techniques<br />
will be listed in an order preferable, and defined by the user for normal user authentication on<br />
the Switch, and may contain up to eight authentication techniques. When a user attempts to access the<br />
Switch, the Switch will select the first technique listed for authentication. If the first technique goes<br />
through its Authentication Server Hosts and no authentication is returned, the Switch will then go to<br />
the next technique listed in the server group for authentication, until the authentication has been<br />
verified or denied, or the list is exhausted.<br />
Please note that users granted access to the Switch will be granted normal user privileges on the<br />
Switch. To gain access to administrator level privileges, the user must access the Enable Admin<br />
window and then enter a password, which was previously configured by the administrator of the<br />
Switch.<br />
NOTE: TACACS, XTACACS and TACACS+ are separate entities and are<br />
not compatible. The Switch and the server must be configured exactly the<br />
same, using the same protocol. (For example, if the Switch is set up for<br />
TACACS authentication, so must be the host server.)<br />
Policy & Parameters<br />
This command will enable an administrator-defined authentication policy for users trying to access the<br />
Switch. When enabled, the device will check the Login Method List and choose a technique for user<br />
authentication upon login.<br />
To access the following window, click Security Management > Access Authentication Control ><br />
Policy & Parameters:<br />
The following parameters can be set:<br />
Parameters Description<br />
Figure 7- 5. Policy & Parameters Settings window<br />
Authentication Policy Use the pull-down menu to enable or disable the Authentication Policy on the<br />
Switch.<br />
Response Timeout (0-<br />
255)<br />
This field will set the time the Switch will wait for a response of authentication from<br />
the user. The user may set a time between 0 and 255 seconds. The default setting<br />
is 30 seconds.<br />
User Attempts (1-255) This command will configure the maximum number of times the Switch will accept<br />
authentication attempts Users failing to be authenticated after the set amount of<br />
124