84 BigIron RX Series Configuration Guide
53-1002253-01
Configuring TACACS and TACACS+ security
4
4. The device sends a request containing the username and password to the TACACS server.
5. The username and password are validated in the TACACS server’s database.
6. If the password is valid, the user is authenticated.
TACACS+ authentication
When TACACS+ authentication takes place, the following events occur.
1. A user attempts to gain access to the device by doing one of the following:
• Logging into the device using Telnet, SSH, or the Web management interface
• Entering the Privileged EXEC level or CONFIG level of the CLI
2. The user is prompted for a username.
3. The user enters a username.
4. The device obtains a password prompt from a TACACS+ server.
5. The user is prompted for a password.
6. The user enters a password.
7. The device sends the password to the TACACS+ server.
8. The password is validated in the TACACS+ server’s database.
9. If the password is valid, the user is authenticated.
TACACS+ authorization
The device supports two kinds of TACACS+ authorization:
• Exec authorization determines a user’s privilege level when they are authenticated.
• Command authorization consults a TACACS+ server to get authorization for commands
entered by the user.
When TACACS+ exec authorization takes place, the following events occur.
1. A user logs into the device using Telnet, SSH, or the Web Management Interface
2. The user is authenticated.
3. The device consults the TACACS+ server to determine the privilege level of the user.
4. The TACACS+ server sends back a response containing an A-V (Attribute-Value) pair with the
privilege level of the user.
5. The user is granted the specified privilege level.
When TACACS+ command authorization takes place, the following events occur.
1. A Telnet, SSH, or Web Management Interface user previously authenticated by a TACACS+
server enters a command on the device.
2. The device looks at its configuration to see if the command is at a privilege level that requires
TACACS+ command authorization.
3. If the command belongs to a privilege level that requires authorization, the device consults the
TACACS+ server to see if the user is authorized to use the command.
To Next Page
Loading...
