DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual
172
The administrator for the Switch may set up six different authentication techniques per user-defined method list
(TACACS/XTACACS//RADIUS/local/none) for authentication. These techniques will be listed in an order
preferable, and defined by the user for normal user authentication on the Switch, and may contain up to eight
authentication techniques. When a user attempts to access the Switch, the Switch will select the first technique listed
for authentication. If the first technique goes through its Authentication Server Hosts and no authentication is returned,
the Switch will then go to the next technique listed in the server group for authentication, until the authentication has
been verified or denied, or the list is exhausted.
Please note that when the user logins to the device successfully through TACACS/XTACACS/server or
none method, the “user” priviledge level is the only level assigned. If the user wants to get the administration privilege
level, the user must use the “enable admin” command to promote his privilege level. However when the user logins to
the device successfully through the RADIUS server or through the local method, 3 kinds of privilege levels can be
assigned to the user and the user cannot use the “enable admin” command to promote to the admin privilege level.
NOTE:
TACACS, XTACACS and are separate entities and are not
compatible. The Switch and the server must be configured exactly the same, using the
same protocol. (For example, if the Switch is set up for TACACS authentication, so must
be the host server.)