Cisco Systems SN 5428-2 Enable Authentication, Login Authentication, Authentication Services

9-3

Cisco SN5428-2 Storage Router Software Configuration Guide

OL-5239-01

Chapter9 Configuring Authentication

Using Authentication

Enable Authentication

When configured, a user enters password information each time the CLI enable command is entered

from the management console, or from a Telnet or SSH management session. If the storage router is

configured to allow FTP access, Enable authentication also authenticates users attempting to login and

establish an FTP session with the storage router.

Because the enable command does not require you to enter a user name, RADIUS authentication

services are passed the default user name, $enab15$, along with the entered password for authentication.

If no authentication services are configured, the entered password is checked against the Administrator

mode password configured for the storage router.

Because the enable command does not require you to enter a user name, TACACS+ authentication

services are passed the user name used at login, along with the entered password, for authentication. If

a user name was not needed for login, the storage router will prompt the user to enter a user name, along

with the enable password, when the enable command is issued.

Login Authentication

When configured, you are prompted to enter a user name and password each time access to the storage

router is attempted from the management console, or from a Telnet or SSH management session.

Authentication Services

Authentication is configured by defining the authentication services available to the storage router.

iSCSI, Enable and Login authentication types use authentication services to administer security

functions. If you are using remote security servers, AAA is the means through which you establish

communications between the SN5428-2 and the remote RADIUS or TACACS+ security server.

Table 9 -1 lists the authentication services and indicates which authentication types can be performed by

each service.

Table9-1 Authentication Services

Authentication

Service Description Authentication Types

RADIUS A distributed client/server system that secures

networks against unauthorized access. The SN5428-2

sends authentication requests to a central RADIUS

server that contains all user authentication and network

service access information.

All

TACACS+ A security application that provides centralized

validation of users. TACACS+ services are maintained

in a database on a TACACS+ daemon running,

typically, on a UNIX or Windows NT workstation.

All