Security
7705 SAR OS System Management Guide 23
When using authorization, maintaining a user database on the router is not required. User
names can be configured on the RADIUS server. User names and their associated passwords
are temporary and are not saved in the configuration database when the user session
terminates.
• Local Authorization
• RADIUS Authorization
• TACACS+ Authorization
Local Authorization
Local authorization uses user profiles and user access information after a user is
authenticated. The profiles and user access information specify the actions the user can and
cannot perform.
By default, local authorization is enabled. Local authorization is disabled only when a
remote authorization method (RADIUS authorization or TACACS+) is configured.
Local authorization is restored when RADIUS authorization is disabled.
You must configure profile and user access information locally.
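The following configuration fragment is an added example, not taken from this guide. It shows one way to express a least-privilege local profile and bind a user to it in the classic CLI security context. The profile name "noc-readonly" and the user name "jdoe" are constructed for illustration, and the user's password is assumed to be set separately.

```text
# Added example with constructed names; context: config>system>security
configure system security
    # Profile: deny every command unless an entry below permits it
    profile "noc-readonly"
        default-action deny-all
        entry 10
            description "Read-only show commands"
            match "show"
            action permit
        exit
        entry 20
            description "Allow leaving a CLI context"
            match "exit"
            action permit
        exit
        entry 30
            description "Allow ending the session"
            match "logout"
            action permit
        exit
    exit
    # User access information: console access only, no FTP
    user "jdoe"
        access console
        console
            member "noc-readonly"
        exit
    exit
```

Starting from default-action deny-all and adding only the permit entries a role needs keeps the profile from widening as new commands appear in later releases.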
RADIUS Authorization
RADIUS authorization grants or denies access permissions for a 7705 SAR router.
Permissions include the use of FTP, Telnet, SSH (SCP), and console access. When granting
Telnet, SSH (SCP), and console access to the 7705 SAR router, authorization can be used to
limit which CLI commands the user is allowed to issue and which file systems the user is
allowed or denied access to.
TACACS+ Authorization
Like RADIUS authorization, TACACS+ grants or denies access permissions for a 7705 SAR
router. The TACACS+ server sends a response based on the user name and password.
TACACS+ separates the authentication and authorization functions. RADIUS combines the
authentication and authorization functions.