beautypg.com

General system requirements, General system requirements -10 – IronPort Systems 4108GL User Manual

Page 164

background image

9-10

Using Passwords and TACACS+ To Protect Against Unauthorized Access
TACACS+ Authentication for Central Control of Switch Access Security

Usi

n

g P

a

ssword

s a

nd

T

A

CA

CS

+

Authentication:

The process for granting user access to a device

through entry of a user name and password and comparison of this
username/password pair with previously stored username/password
data. Authentication also grants levels of access, depending on the
privileges assigned to a user name and password pair by a system
administrator.

Local Authentication:

This method uses username/password

pairs configured locally on the switch; one pair each for manager-
level and operator-level access to the switch. You can assign local
usernames and passwords through the CLI or web browser inter-
face. (Using the menu interface you can assign a local password,
but not a username.) Because this method assigns passwords to
the switch instead of to individuals who access the switch, you
must distribute the password information on each switch to
everyone who needs to access the switch, and you must configure
and manage password protection on a per-switch basis. (For
more on local authentication, see the password and username
information in the Configuration and Management Guide on the
Documentation CD-ROM shipped with your Switch 4108GL.

TACACS+ Authentication:

This method enables you to use a

TACACS+ server in your network to assign a unique password,
user name, and privilege level to each individual or group who
needs access to one or more switches or other TACACS-aware
devices. This allows you to administer primary authentication
from a central server, and to do so with more options than you
have when using only local authentication. (You will still need to
use use local authentication as a backup if your TACACS+ servers
become unavailable.) This means, for example, that you can use
a central TACACS+ server to grant, change, or deny access to a
specific individual on a specific switch instead of having to
change local user name and password assignments on the switch
itself, and then have to notify other users of the change.

General System Requirements

To use TACACS+ authentication, you need the following:

A TACACS+ server application installed and configured on one or
more servers or management stations in your network. (There are
several TACACS+ software packages available.)

A switch configured for TACACS+ authentication, with access to one
or more TACACS+ servers.