beautypg.com

Terminology used in tacacs applications, Terminology used in tacacs applications: -9 – IronPort Systems 4108GL User Manual

Page 163

background image

9-9

Using Passwords and TACACS+ To Protect Against Unauthorized Access

TACACS+ Authentication for Central Control of Switch Access Security

Usi
n

g P
a

sswor

ds and

TA
C

A

CS+

TACACS+ in the Switch 4108GL manages authentication of logon attempts
through either the Console port or Telnet. TACACS+ uses an authentication
hierarchy consisting of (1) remote passwords assigned in a TACACS+ server
and (2) local passwords configured on the switch. That is, with TACACS+
configured, the switch first tries to contact a designated TACACS+ server for
authentication services. If the switch fails to connect to any TACACS+ server,
it defaults to its own locally assigned passwords for authentication control if
it has been configured to do so. For both Console and Telnet access you can
configure a login (read-only) and an enable (read/write) privilege level access.

N o t e s R e g a r d i n g S o f t w a r e R e l e a s e G . 0 1 . xx

Software release G.01.xx for the Switch 4108GL enables TACACS+ authenti-
cation, which allows or denies access to a Switch 4108GL on the basis of
correct username/password pairs managed by the TACACS+ server, and to
specify the privilege level to allow if access is granted. This release does not
support TACACS+ authorization or accounting services.

In release G.01.xx, TACACS+ does not affect web browser interface access.
See "Controlling Web Browser Interface Access" on page 28.

Terminology Used in TACACS Applications:

NAS (Network Access Server):

This is an industry term for a

TACACS-aware device that communicates with a TACACS server for
authentication services. Some other terms you may see in literature
describing TACACS operation are communication server, remote
access server

, or terminal server. These terms apply to a Switch

4108GL when TACACS+ is enabled on the switch (that is, when the
switch is TACACS-aware).

TACACS+ Server:

The server or management station configured as

an access control server for TACACS-enabled devices. To use
TACACS+ with the Switch 4108GL and any other TACACS-capable
devices in your network, you must purchase, install, and configure a
TACACS+ server application on a networked server or management
station in the network. The TACACS+ server application you install
will provide various options for access control and access notifica-
tions. For more on the TACACS+ services available to you, see the
documentation provided with the TACACS+ server application you
will use.