Terminology used in tacacs applications, Terminology used in tacacs applications: -9 – IronPort Systems 4108GL User Manual
Page 163
9-9
Using Passwords and TACACS+ To Protect Against Unauthorized Access
TACACS+ Authentication for Central Control of Switch Access Security
Usi
n
g P
a
sswor
ds and
TA
C
A
CS+
TACACS+ in the Switch 4108GL manages authentication of logon attempts
through either the Console port or Telnet. TACACS+ uses an authentication
hierarchy consisting of (1) remote passwords assigned in a TACACS+ server
and (2) local passwords configured on the switch. That is, with TACACS+
configured, the switch first tries to contact a designated TACACS+ server for
authentication services. If the switch fails to connect to any TACACS+ server,
it defaults to its own locally assigned passwords for authentication control if
it has been configured to do so. For both Console and Telnet access you can
configure a login (read-only) and an enable (read/write) privilege level access.
N o t e s R e g a r d i n g S o f t w a r e R e l e a s e G . 0 1 . xx
Software release G.01.xx for the Switch 4108GL enables TACACS+ authenti-
cation, which allows or denies access to a Switch 4108GL on the basis of
correct username/password pairs managed by the TACACS+ server, and to
specify the privilege level to allow if access is granted. This release does not
support TACACS+ authorization or accounting services.
In release G.01.xx, TACACS+ does not affect web browser interface access.
See "Controlling Web Browser Interface Access" on page 28.
Terminology Used in TACACS Applications:
■
NAS (Network Access Server):
This is an industry term for a
TACACS-aware device that communicates with a TACACS server for
authentication services. Some other terms you may see in literature
describing TACACS operation are communication server, remote
access server
, or terminal server. These terms apply to a Switch
4108GL when TACACS+ is enabled on the switch (that is, when the
switch is TACACS-aware).
■
TACACS+ Server:
The server or management station configured as
an access control server for TACACS-enabled devices. To use
TACACS+ with the Switch 4108GL and any other TACACS-capable
devices in your network, you must purchase, install, and configure a
TACACS+ server application on a networked server or management
station in the network. The TACACS+ server application you install
will provide various options for access control and access notifica-
tions. For more on the TACACS+ services available to you, see the
documentation provided with the TACACS+ server application you
will use.