How Tacacs+ Authentication Works; Tacacs+ Authentication Features; Authorization - HP 438031-B21 - 1:10Gb Ethernet BL-c Switch Application Manual

Hp 1:10gb ethernet bl-c switch for c-class bladesystem application guide

TACACS+ offers the following advantages over RADIUS:
• TACACS+ uses TCP-based, connection-oriented transport, whereas RADIUS is UDP-based. TCP offers a connection-oriented transport, while UDP offers only best-effort delivery. RADIUS requires additional programmable variables such as retransmit attempts and time-outs to compensate for best-effort transport, but it lacks the level of built-in support that a TCP transport offers.
• TACACS+ offers full packet encryption, whereas RADIUS encrypts only the password in authentication requests.
• TACACS+ separates authentication, authorization, and accounting.
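The "full packet encryption" above is, in RFC 8907 terms, body obfuscation: the body is XORed with a chained MD5 pseudo-pad derived from the shared key, session ID, version and sequence number, and a header flag marks bodies sent in the clear. The following is an added example, not code from the manual or from the switch firmware; the key, session ID and body bytes are constructed sample values, and `is_cleartext` is a hypothetical helper a defender could use to spot TACACS+ traffic that carries no obfuscation.

```python
import hashlib

# TACACS+ header constants from RFC 8907 (major version 0xc, minor version 0)
TAC_PLUS_VERSION = 0xC0
TAC_PLUS_AUTHEN, TAC_PLUS_AUTHOR, TAC_PLUS_ACCT = 1, 2, 3
TAC_PLUS_UNENCRYPTED_FLAG = 0x01  # set when the body is not obfuscated


def pseudo_pad(session_id: int, key: bytes, version: int, seq_no: int, length: int) -> bytes:
    """RFC 8907 section 4.5 pad: MD5 chained over session_id, key, version, seq_no."""
    prefix = session_id.to_bytes(4, "big") + key + bytes([version, seq_no])
    pad, prev = b"", b""
    while len(pad) < length:
        prev = hashlib.md5(prefix + prev).digest()  # each block feeds the next
        pad += prev
    return pad[:length]


def obfuscate(body: bytes, session_id: int, key: bytes, version: int, seq_no: int) -> bytes:
    """XOR the body with the pad; applying it a second time restores the plaintext."""
    pad = pseudo_pad(session_id, key, version, seq_no, len(body))
    return bytes(b ^ p for b, p in zip(body, pad))


def build_packet(pkt_type: int, seq_no: int, session_id: int, body: bytes,
                 key: bytes = b"", version: int = TAC_PLUS_VERSION) -> bytes:
    """Return the 12-byte header plus body, obfuscated only when a shared key is set."""
    if key:
        flags, wire_body = 0, obfuscate(body, session_id, key, version, seq_no)
    else:
        flags, wire_body = TAC_PLUS_UNENCRYPTED_FLAG, body
    header = (bytes([version, pkt_type, seq_no, flags])
              + session_id.to_bytes(4, "big")
              + len(wire_body).to_bytes(4, "big"))
    return header + wire_body


def is_cleartext(packet: bytes) -> bool:
    """Hypothetical detection helper: True when the flags byte says the body is unobfuscated."""
    return bool(packet[3] & TAC_PLUS_UNENCRYPTED_FLAG)


if __name__ == "__main__":
    # Constructed sample: an authentication START from switch to server, seq_no 1
    sample = build_packet(TAC_PLUS_AUTHEN, 1, 0x1A2B3C4D, b"user=alice;constructed", b"shared-secret")
    print(sample.hex(), "cleartext:", is_cleartext(sample))
```

A capture in which `is_cleartext` returns True for every packet indicates the switch or server has no shared key configured, which is worth alerting on.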

How TACACS+ authentication works

TACACS+ works much in the same way as RADIUS authentication.
1. The remote administrator connects to the switch and provides a user name and password.
   NOTE: The user name and password can have a maximum length of 128 characters. The password cannot be left blank.
2. Using the Authentication/Authorization protocol, the switch sends a request to the authentication server.
3. The authentication server checks the request against the user ID database.
4. Using the TACACS+ protocol, the authentication server instructs the switch to grant or deny administrative access.
During a session, if additional authorization checking is needed, the switch checks with a TACACS+ server to determine whether the user is granted permission to use a particular command.

TACACS+ authentication features

Authentication is the action of determining the identity of a user, and is generally done when the user first
attempts to log in to a device or gain access to its services. Switch software supports ASCII inbound login
to the device. PAP, CHAP and ARAP login methods, TACACS+ change password requests, and one-time
password authentication are not supported.

Authorization

Authorization is the action of determining a user's privileges on the device, and usually takes place after
authentication.
The default mapping between TACACS+ authorization privilege levels and switch management access
levels is shown in the table below. The privilege levels listed in the following table must be defined on the
TACACS+ server.
Table 4  Default TACACS+ privilege levels

User access level    TACACS+ level
user                 0
oper                 3
admin                6
Accessing the switch
26
