TACACS+ Authentication Features in Lenovo ENOS
© Copyright Lenovo 2018

Authentication is the action of determining the identity of a user, and is generally done when the user first attempts to log in to a device or gain access to its services. Lenovo ENOS supports ASCII inbound login to the device. PAP, CHAP and ARAP login methods, TACACS+ change password requests, and one-time password authentication are not supported.

Authorization

Authorization is the action of determining a user's privileges on the device, and usually takes place after authentication.
The default mapping between TACACS+ authorization levels and Lenovo ENOS management access levels is shown in Table 9. The authorization levels listed in this table must be defined on the TACACS+ server.

Table 9. Default TACACS+ Authorization Levels

Lenovo ENOS User Access Level    TACACS+ Level
user                             0
oper                             3
admin (USERID)                   6

Alternate mapping between TACACS+ authorization levels and Lenovo ENOS management access levels is shown in Table 10. Use the following command to use the alternate TACACS+ authorization levels:

NE2552E(config)# tacacs-server privilege-mapping

Table 10. Alternate TACACS+ Authorization Levels

Lenovo ENOS User Access Level    TACACS+ Level
user                             0–1
oper                             6–8
admin (USERID)                   14–15

You can customize the mapping between TACACS+ privilege levels and NE2552E management access levels. Use the following command to manually map each TACACS+ privilege level (0-15) to a corresponding NE2552E management access level:

NE2552E(config)# tacacs-server user-mapping

If the remote user is successfully authenticated by the authentication server, the switch verifies the privileges of the remote user and authorizes the appropriate access.
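
An added example, not taken from the Lenovo manual: Table 9 and Table 10 assign different access levels to the same TACACS+ level, so this Python check lists which server-side accounts change access when the alternate mapping is enabled. The account names and their levels are constructed sample data, and treating a level that a table does not list as unmapped is an assumption, since the page does not say how the switch handles it.

```python
# Added example, not Lenovo code. Mappings transcribed from Table 9 and Table 10.
DEFAULT_MAP = {0: "user", 3: "oper", 6: "admin"}
ALTERNATE_MAP = {0: "user", 1: "user", 6: "oper", 7: "oper", 8: "oper",
                 14: "admin", 15: "admin"}
RANK = {None: 0, "user": 1, "oper": 2, "admin": 3}

# Constructed sample: account name -> priv-lvl configured on the TACACS+ server.
SAMPLE_ACCOUNTS = {"netadmin": 6, "noc-oper": 3, "readonly": 0, "automation": 15}


def access_level(priv_lvl, alternate=False):
    """Return the ENOS access level for a TACACS+ level, or None if unlisted."""
    if not 0 <= priv_lvl <= 15:
        raise ValueError(f"TACACS+ privilege level out of range: {priv_lvl}")
    table = ALTERNATE_MAP if alternate else DEFAULT_MAP
    # Assumption: a level absent from the table is treated as unmapped here;
    # the manual page does not say how the switch handles such a level.
    return table.get(priv_lvl)


def audit_switch(accounts):
    """List accounts whose access differs between default and alternate mapping."""
    findings = []
    for name, lvl in sorted(accounts.items()):
        before = access_level(lvl)
        after = access_level(lvl, alternate=True)
        if before == after:
            continue
        if after is None:
            change = "unmapped"
        elif RANK[after] > RANK[before]:
            change = "raised"
        else:
            change = "lowered"
        findings.append((name, lvl, before, after, change))
    return findings


if __name__ == "__main__":
    for name, lvl, before, after, change in audit_switch(SAMPLE_ACCOUNTS):
        print(f"{name}: priv-lvl {lvl}: {before} -> {after} ({change})")
```

Run it against the real account list exported from the TACACS+ server before entering the privilege-mapping command, and adjust the server-side levels for every account it reports.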
Chapter 5: Authentication & Authorization Protocols