ADTRAN Total Access 5000 - View SNTP; Provision Authentication, Authorization, and Accounting (AAA); Configure TACACS+ Server(S)

To Next Page

To Previous Page

Section 3, Common Provisioning - Provision Authentication, Authorization, and Accounting (AAA)

65K510DEP08-1A 3-19

View SNTP

FromtheEnableprompt,typeshow sntp,andpressENTERtoviewtheSNTPstatus.

Provision Authentication, Authorization, and Accounting

(AAA)

AAAcontainsthefollowingthreeelements:

• Authenticationistheprocessofloggingintothe networkelement.Uponenteringa

usernameandpassword,thelocalaccountdatabaseortheTACACS+and/orRADIUS

serversdetermineifthelogonattemptissuccessfulforthegivenuser.

• CommandAuthorizationprovidesaprocesstoallowa

TACACS+servertograntordeny

accesstoauseronaper‐commandbasis.WhenauserentersaCLIcommand,butbefore

thecommandisexecuted,aTACACS+serverisqueriedtodetermineifthecommandcan

beexecutedbythatuser.

• CommandAccountingistheprocessofnotifying

aTACACS+serverwhentheuserenters

aCLIcommand.ItallowstheTACACS+servertomaintainlogsofCLIcommandactivity

foreachuser.

IfusingTACACS+forauthentication,thenauthorizationand/oraccountingcanoptionallybe

enabledordisabled.TheexecutableCLIcommandsdependonwhethercommandauthori‐

zation

isenabledordisabled.

Forauthentication,bothRADIUSandTACACS+ canreturnaresponsethatrequestsmore

informationfromtheuser(suchasachallengequestion),inwhichcasetheproductdisplays

themessagefromtheservertotheuser,andawaitsinputfromtheuser.Multiplecha llenge

transactionscanbe

madeduringanauthenticationrequest.

Authenticationalsooccurswhentheuserenters

enablefromtheEnableprompt.If

TA CACS+iscontainedintheauthenticationloginmethodlist,thenuponentering

enable

fromtheEnableprompt,theproducttransmitsanotherauthenticationrequesttothe

TA CACS+server.Aswithlogin,theservercanrespondwithamessagerequestingmoreinfor‐

mation,suchasapassword.Successfulauthenticationinthisprocessresultsintheuserbeing

escalatedinprivilegelevel,andgrantedaccessto

theEnableprompt.

WhenauserattemptstoaccesstheTotalAccess5000,theTotalAccess5000connectstothe

TA CACS+orRADIUSservertoverifythe userandwhattheusercando.TheTotalAccess

5000mustbeconfiguredtotalktothecorrectserver,alongwiththeactions

totakeiftheserver

cannotbecontacted.

Configure TACACS+ Server(s)

TouseaTACACS+server,theserverparametersmustbeconfiguredintheTotalAccess5000

sothattheTotalAccess5000cancommunicatewiththeserver.

TheTotalAccess5000supportsupto4TACACS+serversconfiguredinasingledefaultgroup.

Theserverscontainasequencenumberthatgoverns

theorderinwhichcommunicationis

attempted.Whenaserverisaddedtothesystem,itisenteredintothedefaultTACACS+

serverlistasthenextavailableserverafteranyexistingservers.Aserver’ssequencenumber

canbemodified.Aserverhavingasequencenumberofzeroisneverqueried.

ToconfigureaTACACS+server,completethefollowingprocedure:

1. FromtheEnableprompt,type

configure terminal,andpressENTERtoaccesstheGlo‐

balConfigurationprompt.

ADTRAN Total Access 5000 - View SNTP; Provision Authentication, Authorization, and Accounting (AAA); Configure TACACS+ Server(S)

Table of Contents

Other manuals for ADTRAN Total Access 5000

Related product manuals