
Foundry Networks Switch and Router - Page 83

1070 pages
Securing Access to Management Functions
December 2000 3 - 19
NOTE: In releases prior to 07.1.00, a user logging into the device via Telnet or SSH would first enter the User
EXEC level. The user could then enter the enable command to get to the Privileged EXEC level.
Starting with release 07.1.00, a user that is successfully authenticated by a RADIUS or TACACS+ server is
automatically placed at the Privileged EXEC level after login.
TACACS Authentication
When TACACS authentication takes place, the following events occur:
1. A user attempts to gain access to the Foundry device by doing one of the following:
   • Logging into the device using Telnet, SSH, or the Web management interface
   • Entering the Privileged EXEC level or CONFIG level of the CLI
2. The user is prompted for a username and password.
3. The user enters a username and password.
4. The Foundry device sends a request containing the username and password to the TACACS server.
5. The username and password are validated in the TACACS server's database.
6. If the password is valid, the user is authenticated.
TACACS+ Authentication
When TACACS+ authentication takes place, the following events occur:
1. A user attempts to gain access to the Foundry device by doing one of the following:
   • Logging into the device using Telnet, SSH, or the Web management interface
   • Entering the Privileged EXEC level or CONFIG level of the CLI
2. The user is prompted for a username.
3. The user enters a username.
4. The Foundry device obtains a password prompt from a TACACS+ server.
5. The user is prompted for a password.
6. The user enters a password.
7. The Foundry device sends the password to the TACACS+ server.
8. The password is validated in the TACACS+ server's database.
9. If the password is valid, the user is authenticated.
TACACS+ Authorization
Foundry devices support two kinds of TACACS+ authorization:
   • Exec authorization determines a user's privilege level when they are authenticated
   • Command authorization consults a TACACS+ server to get authorization for commands entered by the user
When TACACS+ exec authorization takes place, the following events occur:
1. A user logs into the Foundry device using Telnet, SSH, or the Web management interface.
2. The user is authenticated.
3. The Foundry device consults the TACACS+ server to determine the privilege level of the user.
4. The TACACS+ server sends back a response containing an A-V (Attribute-Value) pair with the privilege level
of the user.
5. The user is granted the specified privilege level.
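
Steps 4 and 5 of exec authorization, as an added example that is not part of the Foundry manual: a Python parser for a TACACS+ authorization reply body that extracts the privilege-level A-V pair and denies on any malformed or ambiguous reply. The body layout, status codes, the `priv-lvl` attribute name and its 0-15 range are taken from RFC 8907, not from this page; the body is assumed to be already de-obfuscated, and denying when the pair is absent is a policy choice of the example, not documented Foundry behaviour.

```python
import struct

# Authorization REPLY status codes as defined in RFC 8907.
PASS_ADD, PASS_REPL, FAIL, ERROR = 0x01, 0x02, 0x10, 0x11

def build_reply(status, args, server_msg=b"", data=b""):
    """Build a constructed (sample) authorization REPLY body for testing."""
    head = struct.pack("!BBHH", status, len(args), len(server_msg), len(data))
    return head + bytes(len(a) for a in args) + server_msg + data + b"".join(args)

def parse_reply(body):
    """Return (status, [(attr, value, mandatory), ...]); ValueError if malformed."""
    if len(body) < 6:
        raise ValueError("truncated header")
    status, arg_cnt, msg_len, data_len = struct.unpack("!BBHH", body[:6])
    arg_lens = body[6:6 + arg_cnt]
    if len(arg_lens) != arg_cnt:
        raise ValueError("truncated argument length table")
    pos = 6 + arg_cnt + msg_len + data_len
    if pos + sum(arg_lens) != len(body):
        raise ValueError("length fields do not match body size")
    pairs = []
    for n in arg_lens:
        arg = body[pos:pos + n].decode("ascii")
        pos += n
        # '=' marks a mandatory pair, '*' an optional one; the first one wins.
        seps = [i for i in (arg.find("="), arg.find("*")) if i > 0]
        if not seps:
            raise ValueError("argument without a separator: %r" % arg)
        i = min(seps)
        pairs.append((arg[:i], arg[i + 1:], arg[i] == "="))
    return status, pairs

def exec_privilege(body):
    """Privilege level granted by the reply, or None (deny) on any doubt."""
    try:
        status, pairs = parse_reply(body)
    except ValueError:  # also covers non-ASCII arguments (UnicodeDecodeError)
        return None
    if status not in (PASS_ADD, PASS_REPL):
        return None
    levels = [v for a, v, _ in pairs if a == "priv-lvl"]
    if len(levels) != 1 or not levels[0].isdigit() or int(levels[0]) > 15:
        return None
    return int(levels[0])

# Constructed sample reply: the server passes and returns one privilege A-V pair.
SAMPLE = build_reply(PASS_ADD, [b"service=shell", b"priv-lvl=15"])
```

A reply carrying two `priv-lvl` pairs, an out-of-range value, a FAIL status or inconsistent length fields yields `None`, so the caller grants nothing rather than guessing a level.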
