Authentication, Authorization, and Accounting
22 7705 SAR OS System Management Guide
Authorization
The 7705 SAR supports local, RADIUS, and TACACS+ authorization to control the actions
of specific users by applying a profile based on user name and password configurations once
network access is granted. The profiles are configured locally as well as on the RADIUS
server as VSAs. See Vendor-Specific Attributes (VSAs).
Once a user has been authenticated using RADIUS (or another method), the 7705 SAR router
can be configured to perform authorization. The RADIUS server can be used to:
• download the user profile to the 7705 SAR router
• send the profile name that the node should apply to the 7705 SAR router
Profiles consist of a suite of commands that the user is allowed or not allowed to execute.
When a user issues a command, the authorization server looks at the command and the user
information and compares it with the commands in the profile. If the user is authorized to
issue the command, the command is executed. If the user is not authorized to issue the
command, then the command is not executed.
Profiles must be created on each 7705 SAR router and should be identical for consistent
results. If the profile is not present, then access is denied.
Table 2 displays the following scenarios.
• If the user is authenticated locally (on the 7705 SAR router), local authorization is
supported and remote (RADIUS) authorization cannot be performed.
• If the user is authenticated by the RADIUS server, both local authorization and
remote (RADIUS) authorization are supported.
• If the user is TACACS+ authenticated, local authorization is supported and remote
(RADIUS) authorization cannot be performed.
When authorization is configured and profiles are downloaded to the router from the
RADIUS server, the profiles are considered temporary configurations and are not saved when
the user session terminates.
Table 2: Supported Authorization Configurations
Local Authorization RADIUS Authorization
7705 SAR configured user Supported Not Supported
RADIUS server configured user Supported Supported
TACACS+ server configured user Supported Not Supported
To Next Page
Loading...
