EasyManuals Logo

Arris C4C User Manual

Arris C4C
3180 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #844 background imageLoading...
Page #844 background image
Chapter 29: Security
STANDARD Revision 1.0 C4® CMTS Release 8.3 User Guide
© 2016 ARRIS Enterprises LLC. All Rights Reserved. 844
PPP, SLIP, privilege-level change (e.g., entering enable mode), and password change. It employs an unbounded, server-
controlled challenge-response mechanism in which the server may issue any number of challenges to a user prior to
accepting or rejecting a service request. If the server rejects a service request, the client drops the connection. Otherwise,
the client establishes the service parameters (e.g., session timeout, idle timeout, privilege level) as directed by the server
and initiates the service.
Only TACACS+ directly supports authorization for user activities via independent request/response transactions. With
TACACS+, the client forwards each user command along with any associated arguments to the server where the
accept/reject decision is made. On acceptance, the server may add additional arguments to the command line or may even
override the entire argument list. The client is responsible for executing the accepted command with the server-supplied
argument additions or overrides.
TACACS+ supports both shell and command accounting. The client autonomously forwards start-of-service and end-of-
service information to an accounting server. This information can include the number of bytes or packets transmitted or
received, the elapsed time in seconds, the reason for termination, and so on. For shell accounting, successful
authentication represents the start of service and session termination represents the end of service. For command
accounting, successful authorization represents the start of service and command completion represents the end of
service.
TACACS+ Servers and Server Groups
TACACS+ uses TCP/IP for all client/server communication and requires payload encryption via MD5. A TACACS+ client must
be provisioned with server-specific parameters such as IP address, port number, and shared secret. Some network
architectures may require multiple servers for reliability purposes. Other architectures may require independent TACACS+
servers (or server clusters) for each AAA function.
The C4/c CMTS supports six independently configurable TACACS+ servers. The current implementation of TACACS+ has the
following characteristics:
Configuration information will include the server’s IP addresses, port number, shared secret, and timeout value.
There is support for three independently configurable TACACS+ server groups. Configuration information must include
the group name and a list of TACACS+ servers belonging to the group.
A single TACACS+ server may be assigned to multiple server groups. Multiple TACACS+ server groups may share
common backup servers.
All TACACS+ server and server group configuration information persists across system reboots and power-cycles.

Table of Contents

Questions and Answers:

Question and Answer IconNeed help?

Do you have a question about the Arris C4C and is the answer not in the manual?

Arris C4C Specifications

General IconGeneral
CategoryControl Unit
ManufacturerArris
ModelC4C
Wireless CapabilityNo
DOCSIS StandardDOCSIS 3.0

Related product manuals