Ericsson MINI-LINK 6351 Technical Description page 51

TACACS+
The TACACS+ protocol enables the building of a system that secures remote
access to networks and network services. TACACS+ is based on a client/server
architecture. The TACACS+ servers are configured on a per-context basis, with
a limit of six servers.
1/22102-HRA 901 17/9 Uen PU1 | 2016-07-04
Authorization
The NE supports fetching the user roles through a RADIUS server. The
NE uses local authorization information to distinguish which privileges
belong to a role.
The authorization process is based on the user role (system admin,
network admin, operator, or guest). For local user authentication, the
role is defined when the user account is created, and is stored locally
as part of the user configuration. For authentication using RADIUS,
the RADIUS server provides the user role when the user logs on to
the NE. For locally-authenticated users, the locally stored user policy
configuration is used, for example, password expiration and user
account expiration. So that the NE can still be managed when a
RADIUS server is unreachable, it ensures there is always
at least one locally-authenticated system administrator account. The
default locally-authenticated system administrator account is admin.
The NE does not allow any configuration change that would delete all
locally-authenticated system administrator accounts.
RADIUS Server-Client Feature
The NE supports up to six RADIUS servers. It connects to the servers
one-by-one according to their priorities. If no server is reachable, the NE
enables local authentication automatically.
The NE supports three RADIUS packet types: Access-Request,
Access-Accept, and Access-Reject.
A RADIUS Access-Request message containing the authentication
information is sent to a remote server. When the RADIUS server receives
the request, it validates the client using a "shared secret". If the client
is valid, the RADIUS server consults its user database to validate the
access. The server responds to an Access-Request message with either
an Access-Reject message or an Access-Accept message. On receipt
of an Access-Reject message, the client refuses access to the user. On
receipt of an Access-Accept message, the client grants access to the user.
If the NE does not receive a RADIUS response to an Access-Request
message within the configured timeout, it keeps retransmitting the request
until it receives a response, or until the configured number of maximum
transmissions has been reached.
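The client-side decision flow described above, as an added Python sketch (not Ericsson's code). The `send` transport callback, the tuple layout, and "lower priority number is tried first" are assumptions; the Response Authenticator check is standard RFC 2865 behaviour rather than something this page states, and the request carries only User-Name because the example is about how replies are handled.

```python
import hashlib, hmac, os, struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3  # RFC 2865 packet codes

def response_ok(reply, request_auth, secret):
    """RFC 2865: Response Authenticator =
    MD5(Code + ID + Length + Request Authenticator + Attributes + Secret)."""
    if len(reply) < 20 or struct.unpack("!H", reply[2:4])[0] != len(reply):
        return False
    expected = hashlib.md5(reply[:4] + request_auth + reply[20:] + secret).digest()
    return hmac.compare_digest(expected, reply[4:20])

def authenticate(servers, user, send, max_tx=3):
    """servers: (priority, name, secret) tuples. send(name, packet) is a
    hypothetical transport returning reply bytes, or None on timeout.
    Returns 'accept', 'reject', or 'local' (fall back to local accounts)."""
    uname = user.encode()
    # Assumption: lower priority number is tried first; the limit of six is from the page.
    for _prio, name, secret in sorted(servers, key=lambda s: s[0])[:6]:
        request_auth = os.urandom(16)            # fresh Request Authenticator
        ident = os.urandom(1)[0]
        attrs = bytes([1, 2 + len(uname)]) + uname   # User-Name attribute (type 1)
        packet = (struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs))
                  + request_auth + attrs)
        for _ in range(max_tx):                  # configured maximum transmissions
            reply = send(name, packet)
            if (reply is None or not response_ok(reply, request_auth, secret)
                    or reply[1] != ident):
                continue  # timeout, or a reply not bound to our secret and request
            if reply[0] == ACCESS_ACCEPT:
                return "accept"
            if reply[0] == ACCESS_REJECT:
                return "reject"  # a reject is final: no next server, no local fallback
    return "local"               # no server gave a valid answer
```

A reply that fails the authenticator check is handled like a timeout, so only a server holding the shared secret can grant or refuse access; the `local` result is the case the always-present local system administrator account exists for.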