How does TACACS+ control management access – Dell POWEREDGE M1000E User Manual

Page 174

Controlling Management Access

• Console—Authenticates access through the console port (CLI only).
• Telnet—Authenticates users accessing the CLI by using a Telnet or SSH client.
• Secure HTTP—Authenticates users accessing OpenManage Switch Administrator by using an HTTPS connection.
• HTTP—Authenticates users accessing OpenManage Switch Administrator by using an HTTP connection.
• DOT1X—Authenticates hosts connecting through the in-band switch ports. This access type is for network authentication and not management interface authentication.

The switch has three preconfigured authentication profiles. For information about these profiles, see "Default Management Security Values" on page 180.

How Does TACACS+ Control Management Access?

TACACS+ (Terminal Access Controller Access Control System) provides access control for networked devices via one or more centralized servers. TACACS+ simplifies authentication by making use of a single database that can be shared by many clients on a large network. TACACS+ uses TCP to ensure reliable delivery and a shared key configured on the client and daemon server to encrypt all messages.

If you configure TACACS+ as the authentication method for user login and a user attempts to access the user interface on the switch, the switch prompts for the user login credentials and requests services from the TACACS+ client. The client then uses the configured list of servers for authentication, and provides results back to the switch.

Figure 9-1 shows an example of access management using TACACS+.

NOTE: For information about port-based authentication, see "Configuring 802.1X and Port-Based Security" on page 509.
