Nokia 7705 - 3.1.2 Authorization

Security
22
System Management Guide
3HE 11018 AAAC TQZZA Edition: 01
TACACS+ and RADIUS have largely replaced earlier protocols in newer or
recently updated networks. TACACS+ uses Transmission Control Protocol (TCP)
and RADIUS uses the User Datagram Protocol (UDP). TACACS+ is popular because
TCP is thought to be a more reliable protocol. RADIUS combines authentication
and authorization. TACACS+ separates these operations.
3.1.2 Authorization
The 7705 SAR supports local, RADIUS, and TACACS+ authorization to control the
actions of specific users by applying a profile based on user name and password
configurations once network access is granted. The profiles are configured locally as
well as on the RADIUS server as VSAs. See Vendor-Specific Attributes (VSAs).
Once a user has been authenticated using RADIUS (or another method), the
7705 SAR router can be configured to perform authorization. The RADIUS server
can be used to:
- download the user profile to the 7705 SAR router
- send the 7705 SAR router the name of the profile that the node should apply
Profiles consist of a suite of commands that the user is allowed or not allowed to
execute. When a user issues a command, the authorization server looks at the
command and the user information and compares them with the commands in the profile.
If the user is authorized to issue the command, the command is executed. If the user
is not authorized to issue the command, then the command is not executed.
Profiles must be created on each 7705 SAR router and should be identical for
consistent results. If the profile is not present, then access is denied.
Table 2 displays the following scenarios.
- If the user is authenticated locally (on the 7705 SAR router), local authorization
  is supported and remote (RADIUS) authorization cannot be performed.
- If the user is authenticated by the RADIUS server, both local authorization and
  remote (RADIUS) authorization are supported.
- If the user is TACACS+ authenticated, local authorization is supported and
  remote (RADIUS) authorization cannot be performed.
When authorization is configured and profiles are downloaded to the router from the
RADIUS server, the profiles are considered temporary configurations and are not
saved when the user session terminates.
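
The following is an added example, not taken from the Nokia guide or from 7705 SAR software. It encodes the three Table 2 scenarios and audits an inventory of locally configured profiles for the two conditions this section warns about: a profile name sent by RADIUS that is absent on a router (access is denied) and profile definitions that differ between routers (inconsistent results). The router names, the profile name "ops" and the dictionary layout used for a profile are constructed assumptions.

```python
import hashlib
import json
from collections import Counter

# Table 2 scenarios from the text: authentication method -> authorization
# methods that can follow it.
AUTHZ_AFTER_AUTHN = {
    "local": {"local"},
    "radius": {"local", "radius"},
    "tacacs+": {"local"},
}

def remote_authorization_possible(authn_method):
    """True only when remote (RADIUS) authorization can follow this method."""
    return "radius" in AUTHZ_AFTER_AUTHN[authn_method.lower()]

def fingerprint(profile):
    """Stable hash of a profile definition (hypothetical dict layout)."""
    blob = json.dumps(profile, sort_keys=True).encode()
    return hashlib.sha256(blob).hexdigest()

def audit_profiles(routers, radius_profile_names):
    """Return sorted (issue, router, profile) findings.

    'missing': RADIUS sends a name the router lacks, so access is denied.
    'drift':   the router's copy differs from the most common definition.
    """
    findings = []
    for name in radius_profile_names:
        prints = {r: fingerprint(p[name]) for r, p in routers.items() if name in p}
        findings += [("missing", r, name) for r in routers if r not in prints]
        if prints:
            reference = Counter(prints.values()).most_common(1)[0][0]
            findings += [("drift", r, name) for r, fp in prints.items() if fp != reference]
    return sorted(findings)

# Constructed sample inventory: router -> locally configured profiles.
OPS = {"default": "deny", "entries": [["show", "permit"], ["ping", "permit"]]}
ROUTERS = {
    "sar-1": {"ops": OPS},
    "sar-2": {"ops": OPS},
    "sar-3": {"ops": {"default": "permit", "entries": [["show", "permit"]]}},
    "sar-4": {},
}

if __name__ == "__main__":
    for finding in audit_profiles(ROUTERS, ["ops"]):
        print(finding)
```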