Authentication, Authorization, and Accounting
Page 30 7705 SAR OS System Management Guide
The user login is successful when the RADIUS server accepts the authentication request and
responds to the router with an access accept message.
Implementing authentication without authorization for the 7705 SAR does not require the
configuration of VSAs (Vendor Specific Attributes) on the RADIUS server. However, users,
user access permissions, and command authorization profiles must be configured on each
router.
Any combination of these authentication methods can be configured to control network
access from a 7705 SAR router:
• Local Authentication
• RADIUS Authentication
• TACACS+ Authentication
Local Authentication
Local authentication uses user names and passwords configured on the router to authenticate
login attempts. The user names and passwords are local to each router, not to user profiles.
By default, local authentication is enabled. When one or more of the other security methods
are enabled, local authentication is disabled. Local authentication is restored when the other
authentication methods are disabled. Local authentication is attempted if the other
authentication methods fail and local is included in the authentication order password
parameters.
Locally, you can configure user names and password management information. This is
referred to as local authentication. Remote security servers such as RADIUS or TACACS+
are not enabled.
RADIUS Authentication
Remote Authentication Dial-In User Service (RADIUS) is a client/server security protocol
and software that enables remote access servers to communicate with a central server to
authenticate dial-in users and authorize access to the requested system or service.
RADIUS allows you to maintain user profiles in a shared central database and provides
better security, allowing a company to set up a policy that can be applied at a single
administered network point.
To Next Page
Loading...
