1. Manuals
  2. Brands
  3. Juniper Manuals
  4. Network Router
  5. EX2500
  6. Configuration manual

Tacacs+ Authentication; How Tacacs+ Authentication Works; Tacacs+ Authentication Features In The Ex2500 Switch - Juniper EX2500 Configuration Manual

Juniper networks switch user manual
Hide thumbs Also See for EX2500:
Table of Contents

Advertisement

EX2500 Ethernet Switch Configuration Guide

TACACS+ Authentication

14
Securing Access to the Switch
The EX2500 switch supports authentication and authorization with networks using
the TACACS+ protocol. The EX2500 switch functions as the Network Access Server
(NAS) by interacting with the remote client and initiating authentication and
authorization sessions with the TACACS+ access server. The remote user is
defined as someone requiring management access to the EX2500 switch either
through a data port or a management port.
TACACS+ offers the following advantages over RADIUS:
TACACS+ uses TCP-based connection-oriented transport, whereas RADIUS is
UDP-based. TCP offers a connection-oriented transport, while UDP offers
best-effort delivery. RADIUS requires additional programmable variables such
as re-transmit attempts and time-outs to compensate for best-effort transport,
but it lacks the level of built-in support that a TCP transport offers.
TACACS+ offers full packet encryption, whereas RADIUS offers password-only
encryption in authentication requests.
TACACS+ separates authentication, authorization, and accounting.

How TACACS+ Authentication Works

TACACS+ works in much the same way as RADIUS authentication, as described on
page 11. The remote administrator connects to the switch and provides a
username and password.
1. Using Authentication/Authorization protocol, the switch sends a request to
authentication server.
2. The authentication server checks the request against the user ID database.
3. Using TACACS+ protocol, the authentication server instructs the switch to
grant or deny administrative access.
During a session, if additional authorization checking is needed, the switch checks
with a TACACS+ server to determine if the user is granted permission to use a
particular command.

TACACS+ Authentication Features in the EX2500 Switch

Authentication is the action of determining the identity of a user, and is generally
done when the user first attempts to log in to a device or gain access to its services.
The EX2500 switch supports ASCII inbound login to the device. PAP, CHAP, and
ARAP login methods; TACACS+ change password requests; and one-time
password authentication are not supported.
Authorization
Authorization is the action of determining a user's privileges on the device, and
usually takes place after authentication.
Show Quick Links

Hide quick links:

Advertisement

Table of Contents
loading

Related Manuals for Juniper EX2500

Related Content for Juniper EX2500

Table of Contents