Security
7450 ESS System Management Guide Page 35
Access Request Flow
In Figure 2, the authentication process is defined in the config>system>security>password 
context. The authentication order is determined by specifying the sequence in which 
password authentication is attempted among RADIUS, TACACS+, and local passwords. This 
example uses the authentication order of RADIUS, then TACACS+, and finally, local. An 
access request is sent to RADIUS server 1. One of two scenarios can occur. If there is no 
response from the server, the request is passed to the next RADIUS server with the next 
lowest index (RADIUS server 2) and so on, until the last RADIUS server is attempted 
(RADIUS server 5). If server 5 does not respond, the request is passed to TACACS+ 
server 1. If there is no response from that server, the request is passed to the next 
TACACS+ server with the next lowest index (TACACS+ server 2) and so on.
If a request is sent to an active RADIUS server and the user name and password are not 
recognized, access is denied and the request is passed on to the next authentication 
option, in this case, the TACACS+ server. The process continues until the request is 
either accepted, denied, or each server is queried. Finally, if the request is denied by 
the active TACACS+ server, the local parameters are checked for user name and password 
verification. This is the last chance for the access request to be accepted. 
Figure 2: Security Flow
[Flow diagram. Nodes: Start; RADIUS Server 1 through 5; TACACS+ Server 1 through 5; Local; Access Accept; Deny. Transitions are labeled "No Response" and "Access Denied".]
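The access request flow described above, modeled as an added example that is not part of the guide or the router software. The server labels and replies are constructed, and the model assumes that a request also reaches the local check when no TACACS+ server responds.

```python
from enum import Enum

class Reply(Enum):
    ACCEPT = "accept"
    REJECT = "reject"            # active server, credentials not recognized
    NO_RESPONSE = "no response"  # server did not answer

# Authentication order from the text: RADIUS, then TACACS+, then local.
# Server names are constructed labels, lowest index first.
ORDER = [
    ("radius", [f"radius-{i}" for i in range(1, 6)]),
    ("tacplus", [f"tacplus-{i}" for i in range(1, 6)]),
    ("local", ["local"]),
]

def authenticate(replies, order=ORDER):
    """Return (decision, trace) for one access request.

    replies maps a server label to the Reply it would give; servers
    missing from the map are treated as not responding.
    """
    trace = []
    for _method, servers in order:
        for server in servers:
            reply = replies.get(server, Reply.NO_RESPONSE)
            trace.append((server, reply.value))
            if reply is Reply.ACCEPT:
                return "accept", trace
            if reply is Reply.REJECT:
                break  # denied here; move on to the next method in the order
            # No response: try the next server index of the same method.
    return "deny", trace

def demo():
    # Constructed scenario: two dead RADIUS servers, then rejects from
    # RADIUS and TACACS+, yet a matching local account still gets in.
    replies = {
        "radius-3": Reply.REJECT,
        "tacplus-1": Reply.REJECT,
        "local": Reply.ACCEPT,
    }
    return authenticate(replies)

if __name__ == "__main__":
    decision, trace = demo()
    for server, reply in trace:
        print(f"{server:10} -> {reply}")
    print("result:", decision)
```

The trace shows that a reject from a central server does not end the flow under this authentication order, so local accounts need the same review and cleanup as RADIUS and TACACS+ accounts.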