Chapter 25 AAA
XS1930 Series User’s Guide
The following table describes the labels in this screen.
Table 97 Advanced Application > AAA > AAA Setup
LABEL
DESCRIPTION
Authentication
Use this section to specify the methods used to authenticate users accessing the Switch.
Login
These fields specify which database the Switch should use (first, second and third) to authenticate administrator accounts (users for Switch management).
Configure the local user accounts in the Access Control > Logins screen. RADIUS is an external server. Before you specify the priority, make sure you have set up the corresponding database correctly.
You can specify up to three methods for the Switch to authenticate administrator accounts. The Switch checks the methods in the order you configure them (first Method 1, and finally Method 2). You must configure the settings in the Method 1 field. If you want the Switch to check other sources for administrator accounts, specify them in the Method 2 field.
Select local to have the Switch check the administrator accounts configured in the Access Control > Logins screen.
Select radius to have the Switch check the administrator accounts configured via your RADIUS server.
Authorization
Use this section to configure authorization settings on the Switch.
Type
Set whether the Switch provides the following services to a user.
• Exec: Allow an administrator who logs into the Switch through Telnet or SSH to have a different access privilege level assigned via the external server.
• Dot1x: Allow an IEEE 802.1x client to have a different bandwidth limit or VLAN ID assigned via the external server.
Active
Select this to activate authorization for a specified event type.
Method
This field displays the authorization protocol used for the corresponding event type.
Accounting
Use this section to configure accounting settings on the Switch.
Update Period
This is the amount of time in minutes before the Switch sends an update to the accounting server. This is only valid if you select the start-stop option for the Exec or Dot1x entries.
Type
The Switch supports the following types of events to be sent to the accounting server(s):
• System - Configure the Switch to send information when the following system events occur: system boots up, system shuts down, system accounting is enabled, system accounting is disabled.
• Dot1x - Configure the Switch to send information when an IEEE 802.1x client begins a session (authenticates via the Switch), ends a session as well as interim updates of a session.
Active
Select this to activate accounting for a specified event type.
Broadcast
Select this to have the Switch send accounting information to all configured accounting
servers at the same time.
If you don’t select this and you have two accounting servers set up, then the Switch sends
information to the first accounting server and if it doesn’t get a response from the accounting
server then it tries the second accounting server.
Mode
The Switch supports two modes of recording login events. Select:
• start-stop - to have the Switch send information to the accounting server when a user begins a session, during a user’s session (if it lasts past the Update Period), and when a user ends a session.
• stop-only - to have the Switch send information to the accounting server only when a user ends a session.
Method
This field displays the accounting protocol used for the corresponding event type.