TACACS+ Authentication Features in Blade OS – Blade ICE G8000 User Manual

RackSwitch G8000 Application Guide

Chapter 1: Accessing the Switch

BMD00041, November 2008

TACACS+ authentication features in Blade OS

Authentication is the action of determining the identity of a user, and is generally done when
the user first attempts to log in to a device or gain access to its services. Blade OS supports
ASCII inbound login to the device. PAP, CHAP and ARAP login methods, TACACS+ change
password requests, and one-time password authentication are not supported.

Authorization

Authorization is the action of determining a user’s privileges on the device, and usually takes
place after authentication.

The default mapping between TACACS+ authorization levels and Blade OS management
access levels is shown in Table 1-3. The authorization levels must be defined on the TACACS+
server.

Table 1-3 Default TACACS+ Authorization Levels

Blade OS User Access Level    TACACS+ level
user                          0
oper                          3
admin                         6

Alternate mapping between TACACS+ authorization levels and Blade OS management access
levels is shown in Table 1-4. Use the following command to set the alternate TACACS+
authorization levels.

RS G8000 (config)# tacacs-server privilege-mapping

Table 1-4 Alternate TACACS+ Authorization Levels

Blade OS User Access Level    TACACS+ level
user                          0 - 1
oper                          6 - 8
admin                         14 - 15
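The two tables assign different access levels to the same TACACS+ level (level 6 is admin in Table 1-3 but oper in Table 1-4), so server-side user entries are worth reviewing before the mapping is switched. The following is an added example, not part of the manual: it compares each user's access level under both tables. The tac_plus-style entry syntax, the user names and the sample levels are constructed assumptions, and levels that a table does not list are only reported, because the manual does not say how the switch treats them.

```python
import re

# Level ranges copied from Table 1-3 (default) and Table 1-4 (alternate).
DEFAULT_MAP = {"user": range(0, 1), "oper": range(3, 4), "admin": range(6, 7)}
ALTERNATE_MAP = {"user": range(0, 2), "oper": range(6, 9), "admin": range(14, 16)}

# Constructed sample of TACACS+ server user entries, one per line. The
# tac_plus-style syntax is an assumption; the manual names no server product.
SAMPLE_SERVER_CONFIG = """
user = alice { service = exec { priv-lvl = 6 } }
user = bob { service = exec { priv-lvl = 3 } }
user = carol { service = exec { priv-lvl = 15 } }
user = dave { service = exec { priv-lvl = 0 } }
user = erin { service = exec { priv-lvl = 1 } }
"""

ENTRY_RE = re.compile(r"user\s*=\s*(\S+)\s*\{[^\n]*?priv-lvl\s*=\s*(\d+)")


def access_level(priv_lvl, mapping):
    """Return the Blade OS access level for a TACACS+ level, or None when
    the level is not listed in the given table."""
    for name, levels in mapping.items():
        if priv_lvl in levels:
            return name
    return None


def audit(config_text):
    """Return (user, level, default_access, alternate_access, note) rows."""
    rows = []
    for user, lvl in ENTRY_RE.findall(config_text):
        lvl = int(lvl)
        before = access_level(lvl, DEFAULT_MAP)
        after = access_level(lvl, ALTERNATE_MAP)
        if before is None or after is None:
            note = "not listed in a table"
        elif before == after:
            note = "unchanged"
        else:
            note = "access level changes"
        rows.append((user, lvl, before, after, note))
    return rows


if __name__ == "__main__":
    for row in audit(SAMPLE_SERVER_CONFIG):
        print("%-6s lvl=%-3d default=%-6s alternate=%-6s %s" % row)
```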
