Header Only - DO NOT REMOVE - Extreme Networks

Authentication: RADIUS & TACACS+


Hi.

Today my devices (B5 and C5) are configure with TACACS+ for network's administrator authentication.

I want to user a Radius's server with a valid database to verify valid users, is it possible? I use Radius and TACACS configuration in the same switch?

Thanks for attention.

Paulo Mauricio

5 replies

Userlevel 3
Please clarify what you mean when you say you want RADIUS to verify valid users? are you talking about for switch management access? or for regular end system authentication, like 802.1X? If you want TACACS+ only for switch CLI access and RADIUS only for end system authentication, then you can configure both, but be sure to set the RADIUS realm to Network Access and NOT Management or Any Access.
Userlevel 3
Please clarify what you mean when you say you want RADIUS to verify valid users? are you talking about for switch management access? or for regular end system authentication, like 802.1X? If you want TACACS+ only for switch CLI access and RADIUS only for end system authentication, then you can configure both, but be sure to set the RADIUS realm to Network Access and NOT Management or Any Access.
Hi Matthew.

You are right.

Today TACACS+ is used for switch management access, TACACS+ talk with my users database LDAP to validate user. Just network's management have this privilege.

To future, we have a project for authentication regular end system authentication and I will think to set Microsoft Radius with LDAP. Today we use this configuration for wireless's domain users. Aruba's solution not Extreme.

What are you think? Is it complicate? Any sugestions?

Thks for your help.
Userlevel 3
it should not be a problem. You can easily tie switch authentication in with MS NPS/IAS. I believe there are some guides around available. It should be relatively straightforward.
Ok Mathew.

Thanks again.

Reply