Chapter 5 configuring aaa servers, Configure radius and tacacs+ servers – Net Optics iBypass HD User Manual


33

iBypass HD

Chapter 5

Configuring AAA Servers

The iBypass HD can access RADIUS and TACACS+ servers to perform user authentication and authorization. (Authentication and authorization, together with accounting, are referred to as AAA services.)

In this chapter, you will learn to:

• Configure the iBypass HD to access RADIUS and TACACS+ AAA services

Configure RADIUS and TACACS+ Servers

The iBypass HD can be configured to obtain AAA services from up to three RADIUS servers and up to three TACACS+ servers, in addition to its local (internal) user account list. When a user attempts to log into the system, the iBypass HD always checks its local accounts first. It then queries the configured AAA (RADIUS and TACACS+) servers in the sequence you specify, until one of them authenticates the user; a reject from one server does not end the search, and the next server in the list is queried. If authentication is unsuccessful locally and on all configured servers, the login request is denied.

You add the servers (up to three RADIUS plus up to three TACACS+) with multiple server add commands. Each time you add an AAA server, it is added to the end of the AAA server list (a single list that holds both RADIUS and TACACS+ servers), making it the last server that will be queried. You can place the server at a different position in the list by specifying an ID when you add it; for example, id=1 places the server at the head of the list, making it the first server that will be queried. Because the search stops at the first server that accepts the credentials, and that server's returned privilege level is the one that gets mapped, the order of the list determines which server's answer is used for a user who is known to more than one of them.
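The lookup order described above, as an added example that is not Net Optics code: an in-memory model of the shared RADIUS/TACACS+ server list, the id-based insertion, and the local-first, first-success-wins login sequence. The server names, user records and the in-memory authenticate callables are constructed for the example; on the real device each query is a RADIUS or TACACS+ exchange on the wire.

```python
# Added example (not Net Optics code): a model of the AAA lookup order the
# manual describes. Server names, user records and the in-memory
# "authenticate" callables are constructed for the example; on the real
# device each query is a RADIUS or TACACS+ exchange on the wire.
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple

MAX_PER_PROTOCOL = 3  # up to three RADIUS and up to three TACACS+ servers


@dataclass
class AAAServer:
    name: str                                          # label used in this model only
    proto: str                                         # "radius" or "tacacs+"
    authenticate: Callable[[str, str], Optional[int]]  # (user, password) -> AAA level, None on reject


class AAAServerList:
    """One ordered list holding both RADIUS and TACACS+ entries."""

    def __init__(self) -> None:
        self.servers: List[AAAServer] = []

    def add(self, server: AAAServer, id: Optional[int] = None) -> None:
        if server.proto not in ("radius", "tacacs+"):
            raise ValueError("proto must be 'radius' or 'tacacs+'")
        if sum(1 for s in self.servers if s.proto == server.proto) >= MAX_PER_PROTOCOL:
            raise ValueError(f"already {MAX_PER_PROTOCOL} {server.proto} servers configured")
        if id is None:
            self.servers.append(server)          # default: end of the list, queried last
        else:
            if not 1 <= id <= len(self.servers) + 1:
                raise ValueError("id out of range")
            self.servers.insert(id - 1, server)  # id=1 -> head of the list, queried first

    def order(self) -> List[str]:
        return [s.name for s in self.servers]


def login(local_accounts: Dict[str, Tuple[str, int]], server_list: AAAServerList,
          user: str, password: str) -> Tuple[Optional[str], Optional[int]]:
    """Return (source, privilege level) from the first source that accepts the
    credentials, or (None, None) when local accounts and every server reject."""
    rec = local_accounts.get(user)
    if rec is not None and rec[0] == password:
        return "local", rec[1]                     # local accounts are always checked first
    for server in server_list.servers:
        level = server.authenticate(user, password)
        if level is not None:
            return server.name, level              # first success ends the search
        # a reject does not stop the search; the next server in the list is tried
    return None, None


def make_server(name: str, proto: str, directory: Dict[str, Tuple[str, int]]) -> AAAServer:
    """Constructed stand-in for a remote server: a dict of user -> (password, level)."""
    def authenticate(user: str, password: str) -> Optional[int]:
        rec = directory.get(user)
        return rec[1] if rec is not None and rec[0] == password else None
    return AAAServer(name, proto, authenticate)


def demo_lookup_order() -> dict:
    servers = AAAServerList()
    servers.add(make_server("radius-1", "radius", {"alice": ("pw-a", 1)}))
    servers.add(make_server("tacacs-1", "tacacs+", {"bob": ("pw-b", 4)}))
    # id=1 puts radius-2 at the head of the list, ahead of the two added earlier
    servers.add(make_server("radius-2", "radius", {"alice": ("pw-a", 5)}), id=1)
    local = {"admin": ("local-pw", 0)}
    return {
        "order": servers.order(),
        "admin": login(local, servers, "admin", "local-pw"),   # local account, servers never asked
        "alice": login(local, servers, "alice", "pw-a"),       # answered by radius-2, not radius-1
        "bob": login(local, servers, "bob", "pw-b"),           # radius-2, radius-1 reject; tacacs-1 accepts
        "bob_bad": login(local, servers, "bob", "wrong"),      # rejected everywhere -> denied
    }


if __name__ == "__main__":
    for key, value in demo_lookup_order().items():
        print(key, value)
```

The alice case is the one to note: she exists on both RADIUS servers with different privilege levels, and the level that reaches the privilege mapping is the one from whichever server sits earlier in the list.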

Mapping privilege levels

When you add an AAA server, the priv_map argument defines how the privilege level returned by the AAA server is mapped to the three privilege levels supported by the iBypass HD (admin, user and view). The priv_map argument takes three comma-separated values, for example priv_map=a,2,2. The first value (a or v) determines whether lower numbers map to the admin privilege level (a) or to the view privilege level (v); the other end of the range maps to the remaining level. The user level is always in the middle: the second value is the lowest returned privilege level that maps to the user level, and the third value is the highest returned privilege level that maps to the user level.

Figure 22: Privilege level mapping showing the default mapping (priv_map=a,2,2)

  AAA privilege level    iBypass HD privilege level
  5                      view
  4                      view
  3                      view
  2                      user
  1                      admin
  0                      admin
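The priv_map rule above and the table in Figure 22, as an added example that is not Net Optics code: a parser for the three-value argument and the mapping function, checked against the default a,2,2 mapping. The 0..15 range used for the second mapping is an assumption about what a server might return; the figure only shows levels 0..5. One caveat the rule implies: under a,2,2 every returned level below 2, including 0, becomes admin, so the direction value must match how your server numbers its privilege levels.

```python
# Added example (not Net Optics code): the priv_map rule from this section
# written as a function. The 0..15 range in demo_mapping() is an assumption
# about what a server might return; Figure 22 only shows levels 0..5.
from typing import Dict, Iterable, Tuple

IBYPASS_LEVELS = ("admin", "user", "view")


def parse_priv_map(spec: str) -> Tuple[str, int, int]:
    """Parse 'a,2,2' style text into (direction, lowest_user, highest_user)."""
    parts = [p.strip() for p in spec.split(",")]
    if len(parts) != 3:
        raise ValueError("priv_map needs three comma-separated values")
    direction = parts[0]
    if direction not in ("a", "v"):
        raise ValueError("first value must be 'a' or 'v'")
    low, high = int(parts[1]), int(parts[2])
    if low > high:
        raise ValueError("second value must not exceed the third")
    return direction, low, high


def map_privilege(spec: str, aaa_level: int) -> str:
    """Map the privilege level returned by a RADIUS/TACACS+ server to
    one of the three iBypass HD levels."""
    direction, low, high = parse_priv_map(spec)
    if low <= aaa_level <= high:
        return "user"                       # the user band always sits in the middle
    below = aaa_level < low
    if direction == "a":                    # lower numbers are admin, higher are view
        return "admin" if below else "view"
    return "view" if below else "admin"     # "v": lower numbers are view, higher are admin


def mapping_table(spec: str, levels: Iterable[int]) -> Dict[int, str]:
    """Build the kind of table Figure 22 shows for any priv_map and level range."""
    return {lvl: map_privilege(spec, lvl) for lvl in levels}


def demo_mapping() -> Dict[str, Dict[int, str]]:
    return {
        "default a,2,2 over 0..5": mapping_table("a,2,2", range(6)),   # reproduces Figure 22
        "v,3,5 over 0..15": mapping_table("v,3,5", range(16)),          # assumed 16-level scale
    }


if __name__ == "__main__":
    for name, table in demo_mapping().items():
        print(name)
        for lvl, mapped in table.items():
            print(f"  {lvl:2d} -> {mapped}")
```

With v,3,5 the sense is reversed: 0..2 map to view, 3..5 to user, and everything above 5 to admin, which is the setting to use with a server whose highest number is its most privileged level.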
