Local authentication process – IronPort Systems 4108GL User Manual


Using Passwords and TACACS+ To Protect Against Unauthorized Access

TACACS+ Authentication for Central Control of Switch Access Security

then it uses its own local username/password pairs to authenticate the logon request. (See "Local Authentication Process", on page 25.)

• If a TACACS+ server recognizes the switch, it forwards a username prompt to the requesting terminal via the switch.

2. When the requesting terminal responds to the prompt with a username, the switch forwards it to the TACACS+ server.

3. After the server receives the username input, the requesting terminal receives a password prompt from the server via the switch.

4. When the requesting terminal responds to the prompt with a password, the switch forwards it to the TACACS+ server and one of the following actions occurs:

   • If the username/password pair received from the requesting terminal matches a username/password pair previously stored in the server, then the server passes access permission through the switch to the terminal.

   • If the username/password pair entered at the requesting terminal does not match a username/password pair previously stored in the server, access is denied. In this case, the terminal is again prompted to enter a username and repeat steps 2 through 4. In the default configuration, the switch allows up to three attempts to authenticate a login session. If the requesting terminal exhausts the attempt limit without a successful TACACS+ authentication, the login session is terminated and the operator at the requesting terminal must initiate a new session before trying again.

Local Authentication Process

When the switch is configured to use TACACS+, it reverts to local authentication only if one of these two conditions exists:

• "Local" is the authentication option for the access method being used.

• TACACS+ is the primary authentication mode for the access method being used. However, the switch was unable to connect to any TACACS+ servers (or no servers were configured) AND Local is the secondary authentication mode being used.

(For a listing of authentication options, see Table 3 on page 17.)
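
The fallback rule above, modeled in Python as an added example (not code from the manual or the switch firmware). It shows that local credentials are consulted only when no TACACS+ server can be reached, never after a reachable server rejects a login. The names AccessMethod, choose_authenticator and login and the sample credentials are constructed; the result when TACACS+ is unreachable with no secondary mode, and applying the three-attempt limit to local logins, are assumptions.

```python
import hmac
from dataclasses import dataclass

MAX_ATTEMPTS = 3  # default attempt limit stated in the manual

# Constructed sample credential stores (not from the manual).
TACACS_DB = {"netops": "Tac-Pass-1"}
LOCAL_DB = {"manager": "Local-Pass-1"}


@dataclass
class AccessMethod:
    primary: str               # "tacacs" or "local"
    secondary: str = "none"    # "local" or "none"


def choose_authenticator(method, servers_reachable):
    """Return 'tacacs', 'local' or 'none' for this access method.

    servers_reachable holds one bool per configured TACACS+ server;
    an empty list means no servers are configured.
    """
    if method.primary == "local":
        return "local"       # condition 1: Local is the configured option
    if any(servers_reachable):
        return "tacacs"      # a server answered, so its verdict is final
    if method.secondary == "local":
        return "local"       # condition 2: no server AND Local is secondary
    return "none"            # assumption: nothing left to authenticate against


def login(method, servers_reachable, attempts):
    """Simulate one login session; attempts is a list of (user, password)."""
    source = choose_authenticator(method, servers_reachable)
    if source == "none":
        return ("denied", source, 0)
    db = TACACS_DB if source == "tacacs" else LOCAL_DB
    tried = attempts[:MAX_ATTEMPTS]  # assumption: limit also applies to local
    for n, (user, password) in enumerate(tried, start=1):
        stored = db.get(user)
        if stored and hmac.compare_digest(stored.encode(), password.encode()):
            return ("granted", source, n)
    return ("terminated", source, len(tried))
```

When auditing a configuration, the case to look for is a TACACS+ primary with Local as secondary: the local password is what protects the switch whenever the servers are unreachable.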
