Security
7705 SAR OS System Management Guide 27
This example uses the authentication order of RADIUS, then TACACS+, and finally, local.
An access request is sent to RADIUS server 1. One of two scenarios can occur. If there is no
response from the server, the request is passed to the next RADIUS server with the next
lowest index (RADIUS server 2) and so on, until the last RADIUS server is attempted
(RADIUS server 5). If server 5 does not respond, the request is passed to the TACACS+
server 1. If there is no response from that server, the request is passed to the next TACACS+
server with the next lowest index (TACACS+ server 2) and so on.
If a request is sent to an active RADIUS server and the user name and password are not
recognized, access is denied and passed on to the next authentication option, in this case, the
TACACS+ server. The process continues until the request is either accepted, denied, or each
server is queried. Finally, if the request is denied by the active TACACS+ server, the local
parameters are checked for user name and password verification. This is the last chance for
the access request to be accepted.
Figure 2: Security Flow
RADIUS
Server 1
Access
Denied
RADIUS
Server 2
No Response
Access
Denied
No Response
Access
Denied
No Response
Access
Denied
No Response
RADIUS
Server 3
RADIUS
Server 4
RADIUS
Server 5
Start
Deny
Deny
Deny
Access
Accept
19672
TACACS+
Server 1
Access
Denied
TACACS+
Server 2
Local
No Response
Access
Denied
No Response No Response No Response
TACACS+
Server 3
TACACS+
Server 4
TACACS+
Server 5
To Next Page
Loading...
