RackSwitch G8000 Application Guide

TACACS+ authentication features in Blade OS

Authentication is the action of determining the identity of a user, and is generally done when the user first attempts to log in to a device or gain access to its services. Blade OS supports ASCII inbound login to the device. PAP, CHAP and ARAP login methods, TACACS+ change password requests, and one-time password authentication are not supported.

Authorization

Authorization is the action of determining a user’s privileges on the device, and usually takes place after authentication.

The default mapping between TACACS+ authorization levels and Blade OS management access levels is shown in Table 1-3. The authorization levels must be defined on the TACACS+ server.

Table 1-3  Default TACACS+ Authorization Levels

Blade OS User Access Level    TACACS+ level
user                          0
oper                          3
admin                         6

An alternate mapping between TACACS+ authorization levels and Blade OS management access levels is shown in Table 1-4. Use the following command to set the alternate TACACS+ authorization levels.

RS G8000 (config)# tacacs-server privilege-mapping

Table 1-4  Alternate TACACS+ Authorization Levels

Blade OS User Access Level    TACACS+ level
user                          0 - 1
oper                          6 - 8
admin                         14 - 15
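The two tables assign different Blade OS levels to the same TACACS+ level (level 6 is admin in Table 1-3 but oper in Table 1-4), so server-side user levels are worth auditing before the mapping is switched. The following is an added example, not code from the guide: it assumes the TACACS+ server uses tac_plus-style user blocks, the user names are constructed, and None means the level has no row in that table (the guide does not say how the switch treats such levels).

```python
import re

# Tables 1-3 and 1-4 on the page: Blade OS access level -> TACACS+ levels.
DEFAULT_MAP = {"user": range(0, 1), "oper": range(3, 4), "admin": range(6, 7)}
ALTERNATE_MAP = {"user": range(0, 2), "oper": range(6, 9), "admin": range(14, 16)}

# Constructed sample; tac_plus-style syntax is an assumption about the server.
SAMPLE_CONF = """
user = alice {
    service = exec { priv-lvl = 6 }
}
user = bob {
    service = exec { priv-lvl = 15 }
}
user = carol {
    service = exec { priv-lvl = 0 }
}
user = dave {
    service = exec { priv-lvl = 3 }
}
"""

def parse_priv_levels(conf):
    """Return {username: priv-lvl} from tac_plus-style user blocks."""
    levels, current = {}, None
    for line in conf.splitlines():
        user = re.match(r"\s*user\s*=\s*(\S+)", line)
        if user:
            current = user.group(1)
        priv = re.search(r"priv-lvl\s*=\s*(\d+)", line)
        if priv and current:
            levels[current] = int(priv.group(1))
    return levels

def access_level(priv, mapping):
    """Blade OS level for a TACACS+ level, or None if the table has no row for it."""
    return next((name for name, lvls in mapping.items() if priv in lvls), None)

def mapping_changes(conf):
    """Users whose Blade OS level differs between the default and alternate tables."""
    changes = []
    for user, priv in sorted(parse_priv_levels(conf).items()):
        before, after = access_level(priv, DEFAULT_MAP), access_level(priv, ALTERNATE_MAP)
        if before != after:
            changes.append((user, priv, before, after))
    return changes

if __name__ == "__main__":
    for user, priv, before, after in mapping_changes(SAMPLE_CONF):
        print(f"{user}: priv-lvl {priv}: default={before} alternate={after}")
```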

BMD00041, November 2008

Chapter 1: Accessing the Switch
