When a Server Does Not Respond
Page 34 7450 ESS System Mangement Guide
Security Controls
You can configure routers to use RADIUS, TACACS+, and local authentication to validate
users requesting access to the network. The order in which password authentication is
processed among RADIUS, TACACS+ and local passwords can be specifically configured. In
other words, the authentication order can be configured to process authorization through
TACACS+ first, then RADIUS for authentication and accounting. Local access can be
specified next in the authentication order in the event that the RADIUS and TACACS+
servers are not operational.
When a Server Does Not Respond
A trap is issued if a RADIUS + server is unresponsive. An alarm is raised if RADIUS is
enabled with at least one RADIUS server and no response is received to either accounting or
user access requests from any server.
Periodic checks to determine if the primary server is responsive again are not performed. If a
server is down, it will not be contacted for 5 minutes. If a login is attempted after 5 minutes,
then the server is contacted again. When a server does not respond with the health check
feature enabled, the server’s status is checked every 30 seconds. Health check is enabled by
default. When a service response is restored from at least one server, the alarm condition is
cleared. Alarms are raised and cleared on Alcatel-Lucent’s Fault Manager or other third party
fault management servers.
The servers are accessed in order from lowest to highest specified index (from 1 to 5) for
authentication requests until a response from a server is received. A higher indexed server is
only queried if no response is received, implying a lower indexed server is not available. If a
response from the server is received, no other server is queried.
Table 3: Security Methods Capabilities
Method Authentication Authorization Accounting*
Local Y Y N
TACACS+ Y Y Y
RADIUS Y Y Y
* Local commands always perform account logging using the config log command.
To Next Page
Loading...
