IronPort Systems 4108GL User Manual
Using Passwords and TACACS+ To Protect Against Unauthorized Access
TACACS+ Authentication for Central Control of Switch Access Security
TACACS+ Features
TACACS+ authentication enables you to use a central server to allow or deny 
access to the Switch 4108GL (and other TACACS-aware devices) in your 
network. This means that you can use a central database to create multiple 
unique username/password sets with associated privilege levels for use by 
individuals who have reason to access the switch from either the switch’s 
console port (local access) or Telnet (remote access). 
Figure 9-4. Example of TACACS+ Operation
| Feature | Default | Menu | CLI | Web |
|---|---|---|---|---|
| view the switch’s authentication configuration | n/a | — | page 14 | — |
| view the switch’s TACACS+ server contact configuration | n/a | — | page 15 | — |
| configure the switch’s authentication methods | disabled | — | page 16 | — |
| configure the switch to contact TACACS+ server(s) | disabled | — | page 19 | — |
[Figure 9-4 diagram. Elements shown: Switch 4108GL configured for TACACS+ operation; Terminal "A" directly accessing the switch via the switch’s console port; Terminal "B" remotely accessing the switch via Telnet; primary TACACS+ server. Arrow labels: "Access Request" and "TACACS Server Response".]

The switch passes the login requests from terminals A and B to the TACACS+ server for authentication. The TACACS+ server determines whether to allow access to the switch and what privilege level to allow for a given access request.

A1 - A4: Path for request from Terminal A (through console port)
B1 - B4: Path for request from Terminal B (through Telnet)
