View Sntp; Provision Authentication, Authorization, And Accounting (Aaa); Configure Tacacs+ Server(S) - ADTRAN Total Access 5000 Deployment Manual
Hide thumbs
Also See for Total Access 5000:
- Product features (2 pages) ,
- Quick start manual (2 pages) ,
- Manual (4 pages)
Table of Contents
Advertisement
View SNTP
From the Enable prompt, type show sntp , and press E
Provision Authentication, Authorization, and Accounting
(AAA)
AAA contains the following three elements:
• Authentication is the process of logging into the network element. Upon entering a
• Command Authorization provides a process to allow a TACACS+ server to grant or deny
• Command Accounting is the process of notifying a TACACS+ server when the user enters
If using TACACS+ for authentication, then authorization and/or accounting can optionally be
enabled or disabled. The executable CLI commands depend on whether command authori‐
zation is enabled or disabled.
For authentication, both RADIUS and TACACS+ can return a response that requests more
information from the user (such as a challenge question), in which case the product displays
the message from the server to the user, and awaits input from the user. Multiple challenge
transactions can be made during an authentication request.
Authentication also occurs when the user enters enable from the Enable prompt. If
TACACS+ is contained in the authentication login method list, then upon entering enable
from the Enable prompt, the product transmits another authentication request to the
TACACS+ server. As with login, the server can respond with a message requesting more infor‐
mation, such as a password. Successful authentication in this process results in the user being
escalated in privilege level, and granted access to the Enable prompt.
When a user attempts to access the Total Access 5000, the Total Access 5000 connects to the
TACACS+ or RADIUS server to verify the user and what the user can do. The Total Access
5000 must be configured to talk to the correct server, along with the actions to take if the server
cannot be contacted.
Configure TACACS+ Server(s)
To use a TACACS+ server, the server parameters must be configured in the Total Access 5000
so that the Total Access 5000 can communicate with the server.
The Total Access 5000 supports up to 4 TACACS+ servers configured in a single default group.
The servers contain a sequence number that governs the order in which communication is
attempted. When a server is added to the system, it is entered into the default TACACS+
server list as the next available server after any existing servers. A server's sequence number
can be modified. A server having a sequence number of zero is never queried.
To configure a TACACS+ server, complete the following procedure:
1. From the Enable prompt, type configure terminal , and press E
65K510DEP08-1A
Section 3, Common Provisioning - Provision Authentication, Authorization, and Accounting (AAA)
username and password, the local account database or the TACACS+ and/or RADIUS
servers determine if the log on attempt is successful for the given user.
access to a user on a per‐command basis. When a user enters a CLI command, but before
the command is executed, a TACACS+ server is queried to determine if the command can
be executed by that user.
a CLI command. It allows the TACACS+ server to maintain logs of CLI command activity
for each user.
bal Configuration prompt.
to view the SNTP status.
NTER
NTER
to access the Glo‐
3-19
Advertisement
Chapters
Table of Contents
