Table of Contents
Advertisement
ACCESS USING TACACS+
8.1.2
TACACS+ Flow
8.1.3
TACACS+ Packet
8–2
TACACS works in conjunction with the local user list on the ML3000 software (operating
system). Please refer to User Management on page 1–15 for adding users on the MultiLink
Switch Software. The process of authentication as well as authorization is shown in the
flow chart below.
Login as Operator
No
Is User Manager?
Yes
Login as Manager
Logout
Logout
Login as Operator
FIGURE 8–1: TACACS Authorization Flowchart
The above flow diagram shows the tight integration of TACACS+ authentication with the
local user-based authentication. There are two stages a user goes through in TACACS+. The
first stage is authentication where the user is verified against the network user database.
The second stage is authorization, where it is determined whether the user has operator
access or manager privileges.
Packet encryption is a supported and is a configurable option for the ML3000 software.
When encrypted, all authentication and authorization TACACS+ packets are encrypted and
are not readable by protocol capture and sniffing devices such as EtherReal or others.
Packet data is hashed and shared using MD5 and secret string defined between the
MultiLink switches and the TACACS+ server.
MULTILINK ML3000 ETHERNET COMMUNICATIONS SWITCH – INSTRUCTION MANUAL
Start
Login
Yes
User in Local
User List?
No
TACACS+ Enabled?
No
Yes
Authentication
Connection failure
failure
Connect to
TACACS server to
authenticate
Authorized as
Authenticated
Operator or
Authorization failure
TACACS+
authorization
Authorized as
Manager
Login as Manager
CHAPTER 8: ACCESS USING TACACS+
Yes
Additional
Additional
Servers?
Servers?
No
Logout
754716A1.CDR
Hide quick links:
Advertisement
Table of Contents
