Security Controls
Page 36 7705 SAR OS System Management Guide
If a request is sent to an active RADIUS server and the user name and password are not
recognized, access is denied and the request is passed on to the next authentication option,
in this case the TACACS+ server. The process continues until the request is either accepted
or denied, or until each server has been queried. Finally, if the request is denied by the
active TACACS+ server, the local parameters are checked for user name and password
verification. This is the last chance for the access request to be accepted.
Figure 2: Security Flow
[Flowchart: Start; RADIUS Server 1 through RADIUS Server 5; TACACS+ Server 1 through TACACS+ Server 5; Local; transitions labeled "No Response" and "Access Denied"; outcomes "Accept" and "Deny".]
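The fall-through described above means a user rejected by both RADIUS and TACACS+ can still be accepted from the local database, which is why stale local accounts matter when auditing access. The following Python model is an added example, not code from the guide or from the 7705 SAR OS; the server names, the credentials and the rule that an unresponsive server hands over to the next server of the same type (read from the "No Response" labels in Figure 2) are assumptions.

```python
from enum import Enum

class Reply(Enum):
    ACCEPT = "accept"
    REJECT = "reject"            # server answered: credentials not recognized
    NO_RESPONSE = "no-response"  # server did not answer

def server(creds, up=True):
    """Constructed stand-in for one RADIUS/TACACS+ server or the local database."""
    def lookup(user, password):
        if not up:
            return Reply.NO_RESPONSE
        return Reply.ACCEPT if creds.get(user) == password else Reply.REJECT
    return lookup

def query_method(servers, user, password):
    """Try the servers of one method in order; the first one that answers decides.
    Assumption: 'No Response' moves on to the next server of the same method."""
    trace = []
    for name, lookup in servers:
        reply = lookup(user, password)
        trace.append((name, reply))
        if reply is not Reply.NO_RESPONSE:
            return reply, trace
    return Reply.NO_RESPONSE, trace

def authenticate(methods, user, password):
    """Walk the methods in order. Only an accept stops the walk; a denied or
    unanswered request falls through to the next method, ending at local."""
    trace = []
    for servers in methods:
        reply, steps = query_method(servers, user, password)
        trace += steps
        if reply is Reply.ACCEPT:
            return True, trace
    return False, trace

# Constructed sample data: bob was removed from the central servers,
# but his local account was never cleaned up.
RADIUS = [("radius-1", server({}, up=False)), ("radius-2", server({"alice": "pw-a"}))]
TACACS = [("tacacs-1", server({"alice": "pw-a"}))]
LOCAL = [("local", server({"alice": "pw-a", "bob": "pw-old"}))]
METHODS = [RADIUS, TACACS, LOCAL]

def deciding_source(user, password):
    """Name of the source that accepted the request, or None if it was denied."""
    ok, trace = authenticate(METHODS, user, password)
    return trace[-1][0] if ok else None

if __name__ == "__main__":
    for user, pw in [("alice", "pw-a"), ("bob", "pw-old"), ("bob", "wrong")]:
        print(user, "->", deciding_source(user, pw), authenticate(METHODS, user, pw)[1])
```

The trace for `bob` shows a timeout, two rejects and then a local accept: removing a user from the central servers does not revoke access while a matching local entry remains.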