Security Controls
26 7705 SAR OS System Management Guide
Security Controls
You can configure the 7705 SAR to use RADIUS, TACACS+, and local authentication to
validate users requesting access to the network. The order in which password authentication
is processed among RADIUS, TACACS+ and local passwords can be specifically
configured. For example, the authentication order can be configured to process authorization
via TACACS+ first, then RADIUS for authentication and accounting. Local access can be
specified next in the authentication order in the event that the RADIUS and TACACS+
servers are not operational.
When a Server Does Not Respond
A trap is issued if a RADIUS server is unresponsive. An alarm is raised if RADIUS is enabled
with at least one RADIUS server and no response is received to either accounting or user
access requests from any server.
Periodic checks to determine if the primary server is responsive again are performed. If a
server is down, it will not be contacted for 5 minutes. If a login is attempted after 5 minutes,
then the server is contacted again. If a server has the health check feature enabled and is
unresponsive, the server’s status is checked every 30 seconds. Health check is enabled by
default. When a service response is restored from at least one server, the alarm condition is
cleared. Alarms are raised and cleared on the Alcatel-Lucent Fault Manager or other third
party fault management servers.
The servers are accessed in order from lowest to highest specified index (from 1 to 5) for
authentication requests until a response from a server is received. A higher indexed server is
only queried if no response is received from a lower indexed server. If a response from the
server is received, no other server is queried.
Access Request Flow
In Figure 2, the authentication process is defined in the config>system>security>
password context. The authentication order is determined by specifying the sequence in
which password authentication is attempted among RADIUS, TACACS+, and local servers.
To Next Page
Loading...
