How tacacs+ authentication works, Authorization, Table 6 – Juniper Networks EX2500 User Manual

Securing Access to the Switch


Chapter 1: Accessing the Switch

How TACACS+ Authentication Works

TACACS+ works in much the same way as RADIUS authentication, as described on
page 11. The remote administrator connects to the switch and provides a
username and password.

1. Using the authentication/authorization protocol, the switch sends a request to
   the authentication server.

2. The authentication server checks the request against the user ID database.

3. Using the TACACS+ protocol, the authentication server instructs the switch to
   grant or deny administrative access.

During a session, if additional authorization checking is needed, the switch checks
with a TACACS+ server to determine if the user is granted permission to use a
particular command.

TACACS+ Authentication Features in the EX2500 Switch

Authentication is the action of determining the identity of a user, and is generally
done when the user first attempts to log in to a device or gain access to its services.
The EX2500 switch supports ASCII inbound login to the device. The PAP, CHAP, and
ARAP login methods, TACACS+ change-password requests, and one-time password
authentication are not supported.

Authorization

Authorization is the action of determining a user’s privileges on the device, and
usually takes place after authentication.

The default mapping between TACACS+ authorization levels and EX2500
management access levels is shown in Table 6. The authorization levels must be
defined on the TACACS+ server.

Alternate mapping between TACACS+ authorization levels and EX2500
management access levels is shown in Table 7. Use the following command to set
the alternate TACACS+ authorization levels:

ex2500(config)# tacacs-server privilege-mapping

Table 6: Default TACACS+ Authorization Levels

EX2500 User Access Level    TACACS+ Level
user                        0
oper                        3
admin                       6

Table 7: Alternate TACACS+ Authorization Levels

EX2500 User Access Level    TACACS+ Level
user                        0 - 1
oper                        6 - 8
admin                       14 - 15
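The following is an added example, not code from the manual or from Juniper: a small Python model of the login flow (steps 1 to 3 above), the per-command authorization check made during a session, and the Table 6 / Table 7 mapping from a TACACS+ level to an EX2500 access level. It models the logic only, not the TACACS+ wire format. The user database, the `TacacsServer` and `Switch` classes, the `access_level` function, and the rule that an unmapped level yields no access are all this example's own assumptions; the manual does not say how the switch treats a level outside the tables.

```python
import hmac

# Constructed sample user database held by the (simulated) TACACS+ server.
# A real server would store password hashes; plaintext keeps the flow readable.
USER_DB = {
    "alice": {"password": "s3cret-a", "priv_lvl": 6, "commands": {"show", "configure"}},
    "bob":   {"password": "s3cret-b", "priv_lvl": 3, "commands": {"show"}},
}

# Table 6 (default): exact TACACS+ level -> EX2500 access level.
DEFAULT_MAPPING = {0: "user", 3: "oper", 6: "admin"}

# Table 7 (alternate, after `tacacs-server privilege-mapping`): level ranges.
ALTERNATE_RANGES = [((0, 1), "user"), ((6, 8), "oper"), ((14, 15), "admin")]


def access_level(priv_lvl, alternate=False):
    """Map a TACACS+ privilege level to an EX2500 access level.

    Returns None for a level the selected table does not cover. The manual does
    not state how the switch handles such a level; treating it as "no access"
    (fail closed) is this example's assumption.
    """
    if alternate:
        for (low, high), level in ALTERNATE_RANGES:
            if low <= priv_lvl <= high:
                return level
        return None
    return DEFAULT_MAPPING.get(priv_lvl)


class TacacsServer:
    """Simulated authentication server (step 2: check the user ID database)."""

    def authenticate(self, username, password):
        record = USER_DB.get(username)
        # Constant-time comparison so a wrong password does not leak timing.
        if record is None or not hmac.compare_digest(record["password"], password):
            return {"status": "FAIL"}
        # Step 3: the grant reply carries the user's TACACS+ privilege level.
        return {"status": "PASS", "priv_lvl": record["priv_lvl"]}

    def authorize_command(self, username, command):
        """Per-command authorization check made during the session."""
        record = USER_DB.get(username)
        return record is not None and command in record["commands"]


class Switch:
    """The EX2500 side of the exchange."""

    def __init__(self, server, alternate_mapping=False):
        self.server = server
        self.alternate_mapping = alternate_mapping  # Table 7 instead of Table 6
        self.sessions = {}

    def login(self, username, password):
        # Step 1: forward the supplied credentials to the authentication server.
        reply = self.server.authenticate(username, password)
        if reply["status"] != "PASS":
            return None
        level = access_level(reply["priv_lvl"], self.alternate_mapping)
        if level is not None:
            self.sessions[username] = level
        return level

    def run_command(self, username, command):
        # Only an authenticated session may ask the server for command authorization.
        if username not in self.sessions:
            return False
        return self.server.authorize_command(username, command)


if __name__ == "__main__":
    sw = Switch(TacacsServer())
    print(sw.login("alice", "s3cret-a"))         # admin (Table 6: level 6)
    print(sw.run_command("alice", "configure"))  # True
    alt = Switch(TacacsServer(), alternate_mapping=True)
    print(alt.login("alice", "s3cret-a"))        # oper (Table 7: 6 - 8 -> oper)
    print(alt.login("bob", "s3cret-b"))          # None (level 3 is unmapped in Table 7)
```

The last two calls show the point of the two tables: the same server-side level 6 grants admin under Table 6 but only oper under Table 7, so the server's level definitions and the switch's mapping mode must be changed together, or an administrator can end up with more or less access than intended.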
