© Copyright Lenovo 2017 Chapter 5: Authentication & Authorization Protocols 105
TACACS+ Authentication Features in Enterprise NOS

Authentication is the action of determining the identity of a user, and is generally done when the user first attempts to log in to a device or gain access to its services. Enterprise NOS supports ASCII inbound login to the device. PAP, CHAP and ARAP login methods, TACACS+ change password requests, and one-time password authentication are not supported.

Authorization

Authorization is the action of determining a user's privileges on the device, and usually takes place after authentication.

The default mapping between TACACS+ authorization levels and Enterprise NOS management access levels is shown in Table 9. The authorization levels listed in this table must be defined on the TACACS+ server.

Table 9. Default TACACS+ Authorization Levels

    Enterprise NOS User Access Level    TACACS+ Level
    user                                0
    oper                                3
    admin (USERID)                      6

Alternate mapping between TACACS+ authorization levels and Enterprise NOS management access levels is shown in Table 10. Use the following command to use the alternate TACACS+ authorization levels:

    CN 4093(config)# tacacs-server privilege-mapping

Table 10. Alternate TACACS+ Authorization Levels

    Enterprise NOS User Access Level    TACACS+ Level
    user                                0–1
    oper                                6–8
    admin (USERID)                      14–15

You can customize the mapping between TACACS+ privilege levels and CN4093 management access levels. Use the following command to manually map each TACACS+ privilege level (0-15) to a corresponding CN4093 management access level:

    CN 4093(config)# tacacs-server user-mapping

If the remote user is successfully authenticated by the authentication server, the switch verifies the privileges of the remote user and authorizes the appropriate access.
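As an added example (not part of the Lenovo documentation), the audit below encodes Tables 9 and 10 and resolves the access level a TACACS+ privilege level receives under the default mapping, the alternate mapping enabled by `tacacs-server privilege-mapping`, or a custom table such as one built with `tacacs-server user-mapping`. Privilege levels that the selected table does not list are reported as unmapped rather than given an assumed access level, because the page does not state how the switch treats them; the user records are constructed.

```python
"""Audit TACACS+ priv-lvl assignments against the Enterprise NOS access-level mappings."""

DEFAULT_MAPPING = {0: "user", 3: "oper", 6: "admin"}                     # Table 9
ALTERNATE_MAPPING = {"user": (0, 1), "oper": (6, 8), "admin": (14, 15)}  # Table 10, inclusive
ACCESS_LEVELS = ("user", "oper", "admin")  # "admin" stands for "admin (USERID)" in the tables


def validate_custom_mapping(custom):
    """Reject entries a per-level custom mapping cannot express (levels 0-15 only)."""
    for lvl, access in custom.items():
        if not 0 <= lvl <= 15 or access not in ACCESS_LEVELS:
            raise ValueError(f"invalid custom mapping {lvl} -> {access}")
    return custom


def resolve_access(priv_lvl, mode="default", custom=None):
    """Return the access level for a TACACS+ priv-lvl, or None if the mapping lists none.

    mode: "default" (Table 9), "alternate" (Table 10) or "custom" (a {priv_lvl: access} dict).
    """
    if not 0 <= priv_lvl <= 15:
        raise ValueError(f"TACACS+ privilege level out of range: {priv_lvl}")
    if mode == "default":
        return DEFAULT_MAPPING.get(priv_lvl)
    if mode == "alternate":
        for access, (low, high) in ALTERNATE_MAPPING.items():
            if low <= priv_lvl <= high:
                return access
        return None
    if mode == "custom":
        return validate_custom_mapping(custom or {}).get(priv_lvl)
    raise ValueError(f"unknown mapping mode: {mode}")


def audit(users, mode="default", custom=None):
    """users: {username: priv_lvl}. Flags unmapped levels and levels that grant admin."""
    findings = []
    for name, lvl in users.items():
        access = resolve_access(lvl, mode, custom)
        if access is None:
            findings.append(f"{name}: priv-lvl {lvl} has no access level in the {mode} mapping")
        elif access == "admin":
            findings.append(f"{name}: priv-lvl {lvl} grants admin access")
    return findings


# Constructed sample: servers often assign priv-lvl 15 to administrators, which Table 9 omits.
SAMPLE_USERS = {"alice": 15, "bob": 6, "carol": 3, "dave": 0}
```

Running `audit(SAMPLE_USERS)` and `audit(SAMPLE_USERS, "alternate")` side by side shows which accounts change effective access when the alternate mapping is switched on.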