IronPort Systems 4108GL User Manual
Page 162

9-8
Using Passwords and TACACS+ To Protect Against Unauthorized Access
TACACS+ Authentication for Central Control of Switch Access Security
Usi
n
g P
a
ssword
s a
nd
T
A
CA
CS
+
TACACS+ Authentication for Central
Control of Switch Access Security
TACACS+ Features
TACACS+ authentication enables you to use a central server to allow or deny
access to the Switch 4108GL (and other TACACS-aware devices) in your
network. This means that you can use a central database to create multiple
unique username/password sets with associated privilege levels for use by
individuals who have reason to access the switch from either the switch’s
console port (local access) or Telnet (remote access).
Figure 9-4. Example of TACACS+ Operation
Feature
Default
Menu
CLI
Web
view the switch’s authentication configuration
n/a
—
page 14
—
view the switch’s TACACS+ server contact
configuration
n/a
—
page 15
—
configure the switch’s authentication methods
disabled
—
page 16
—
configure the switch to contact TACACS+ server(s) disabled
—
page 19
—
B
Switch 4108GL
Configured for
TACACS+ Operation
Terminal "A" Directly
Accessing the Switch
Via Switch’s Console
Port
Terminal "B" Remotely Accessing The Switch Via Telnet
A
Primary
TACACS+
Server
The switch passes the login
requests from terminals A and B
to the TACACS+ server for
authentication. The TACACS+
server determines whether to
allow access to the switch and
what privilege level to allow for
a given access request.
Access Request A1 - A4 : Path for Request from
Terminal A (Through Console Port)
TACACS Server B1 - B4: Path for Request from
Response Terminal B (Through Telnet)
B1
A2 or
B2
A3 or
B3
B4
A1
A4