System Management Guide Security
Edition: 01 3HE 11018 AAAC TQZZA 23
When using authorization, maintaining a user database on the router is not required.
User names can be configured on the RADIUS server. User names and their
associated passwords are temporary and are not saved in the configuration
database when the user session terminates.
• Local Authorization
• RADIUS Authorization
• TACACS+ Authorization
3.1.2.1 Local Authorization
Local authorization uses user profiles and user access information after a user is
authenticated. The profiles and user access information specify the actions the user
can and cannot perform.
By default, local authorization is enabled. Local authorization is disabled only when
a different remote authorization method is configured (RADIUS authorization or
TACACS+). Local authorization is restored when RADIUS authorization is disabled.
You must configure profile and user access information locally.
3.1.2.2 RADIUS Authorization
RADIUS authorization grants or denies access permissions for a 7705 SAR router.
Permissions include the use of FTP, Telnet, SSH (SCP), SFTP, and console access.
When granting Telnet, SSH (SCP), SFTP, and console access to the 7705 SAR
router, authorization can be used to limit what CLI commands the user is allowed to
issue and which file systems the user is allowed or denied access to.
Table 2 Supported Authorization Configurations
Local Authorization RADIUS Authorization
7705 SAR configured user Supported Not Supported
RADIUS server configured user Supported Supported
TACACS+ server configured user Supported Not Supported
To Next Page
Loading...
