Administration And Security; Introduction; Tacacs - Nortel 8300 Important Notice

Administration and Security

Introduction

This booklet describes the security features available for the Ethernet
Routing Switch (ERS) 8300 and how to quickly disable non-secure protocols
and configure selected security features. To maintain the security of your
network, Nortel recommends that you disable all non-secure protocols
that can be used to communicate with the Ethernet Routing Switch 8300.
For more information about network security issues, see Nortel Ethernet
Routing Switch 8300 Configuration — Security using Device Manager
(NN46200-508) and Nortel Ethernet Routing Switch 8300 Configuration —
Security using CLI and NNCLI (NN46200-503).

TACACS+

Ethernet Routing Switch 8300 supports the Terminal Access Controller
Access Control System plus (TACACS+) client. TACACS+ is a security
application implemented as a client/server-based protocol that provides
centralized validation of users attempting to gain access to a router or
network access server. TACACS+ differs from RADIUS in two important
ways:
•
•
TACACS+ encrypts the entire body of the packet, but uses a standard
TACACS+ header.
TACACS+ provides management of users who access a device through any
of the management channels: Telnet, rlogin, FTP, SSH v1, and SSH v2.
During the login process, the TACACS+ client initiates TACACS+
authentication and authorization sessions with the server.
Prompts for login and password occur prior to the authentication process.
If both RADIUS and TACACS+ authentication are enabled, TACACS+
authentication always occurs before RADIUS authentication. If TACACS+
Copyright © 2005-2007, Nortel Networks
.
TACACS+ is a TCP-based protocol
TACACS+ uses full packet encryption, rather than just encrypting the
password (RADIUS authentication request)
Nortel Ethernet Routing Switch 8300
Important Notice — Administration and Security
NN46200-601 3.01 Standard
4.0 27 August 2007
9