TACACS+ Authentication | IBM Partner Pavilion BMD00082 instruction

SmartConnect User’s Guide

TACACS+ Authentication

The switch supports authentication and authorization with networks using the Cisco Systems TACACS+ protocol. The switch functions as the Network Access Server (NAS) by interacting with the remote client and initiating authentication and authorization sessions with the TACACS+ access server. The remote user is defined as someone requiring management access to the switch either through a data or management port.

TACACS+ Authentication Features

Authentication is the action of determining the identity of a user, and is generally done when the user first attempts to log in to a device or gain access to its services. The switch supports ASCII inbound login to the device. PAP, CHAP and ARAP login methods, TACACS+ change password requests, and one-time password authentication are not supported.

Authorization

Authorization is the action of determining a user’s privileges on the device, and usually takes place after authentication.

The mapping between TACACS+ authorization levels and switch management access levels is shown in Table 6-4 on page 74. The authorization levels must be defined on the TACACS+ server.

Table 6-4SmartConnect-Proprietary Attributes for TACACS+

User Access Level

TACACS+ level

user0

oper3

admin6

Configuring TACACS+ Authentication

1.On the BBI, choose System Settings > Remote User Administration to configure TACACS+ authentication.

2.In the Tacacs+ section of the window, enter the Tacacs+ Primary Server IP address and TACACS+ Secret.

3.Select enable for the Tacacs+ option.

4.Click Apply to make your changes active, and Save to retain changes beyond reboot.

74 Chapter 6: Configuring Switch Access

BMD00082, February 2009

Image 76

IBM Partner Pavilion BMD00082 manual TACACS+ Authentication Features, Authorization, Configuring TACACS+ Authentication

Contents

User’s Guide SmartConnect User’s Guide Contents Switch Virtualization Part 2 BBI Reference Boot Management Switch Statistics SmartConnect User’s Guide Preface Who Should Use This User’s Guide What You’ll Find in This User’s Guide Part 1 Basic Concepts and ConfigurationPart 2 BBI Reference Typographic Conventions How to Get HelpTypographic Conventions 10 „ Preface Part 1 Basic Concepts & Configuration 12 „ Part 1 Basic Concepts & Configuration VSE SmartConnect Software Operation VSE SmartConnect Software Overview 14 „ VSE SmartConnect Software Operation Configuring the Chassis Management System Configuring the Upstream Networking DeviceConfiguring the Chassis Processor Blades VSE SmartConnect Software Quick Start 16 „ VSE SmartConnect Software Operation Getting Started with the Browser- Based Interface Web Browser Set UpRequirements ASmartConnect Login Prompt Starting the BBI Bbbi Startup Screen Updating the Software Image Transferring the New Image to the SwitchLoading the New Software Image CBoot Management Window shown with Stacking enabled Uploading a Software Image from the Switch Selecting a Software Image to Run Selecting a Configuration Block Active, backup, or factory Resetting the Switch Switch Virtualization Port Groups Virtual Switch GroupsVirtual Machine Groups Link Aggregation Port Access VLANsNetwork Segmentation Port-Based Vlan Tagging Defined VLANs Trunking External Trunks ATrunking External Ports Trunking Rules Built-In Fault Tolerance Switch FailoverStatistical Load Distribution Link Aggregation Control Protocol Setting the Number of Links to Trigger Failover Configuring Switch Failover Internal Trunks CTrunking Internal Ports Igmp Snooping Configuring a Backup Server Port ServerMobility General Configuration 1ServerMobility General Configuration Fields Configuration Port Configuration2ServerMobility Port Configuration Fields Dhcp Server Configuration SmartConnect User’s Guide 42 „ Switch Virtualization Stacking Backup Stacking RequirementsStack Membership Master Master and Backup Selection Master and Backup Behavior Configuring a Stack Stack Member Numbers Configuring Each Switch Configure the Stack Trunk ports optional # cfg/stack/mif Locating the Master Switch Internal Management IP Interface Additional Master ConfigurationViewing Stack Connections CStack Switch Configuration Window Binding Members to the Stack Configuring an External IP Address for the Stack DStack IP Interfaces Configuration Window Managing a Stack EPort Status with Stacking Stacking Internal Port Settings Additional Internal Port Settings for StackingStacking Port Numbers Stacking VLANs Stacking Boot Management buttons Stacking Boot ManagementUpgrading Stack Software Info/stack/pushstat Command Reference CLI Menus Menu Summary „ Statistics Menu „ Boot Options Menu Viewing Pending Changes Viewing, Applying, and Saving ChangesApplying Pending Changes Saving the Configuration # save Configuring Switch Access Management Module Setup Configuring the Default Gateway Factory Default vs. MM Assigned IP AddressesSwitch IP Addresses, Based on Switch-Module Bay Numbers Configuring Management Module for Switch Access ASwitch Configuration in the Management Module Window Cfg/sys/access/https/access e Using Telnet Connect to the Switch via SSH Access via Http Using the Browser-Based InterfaceAccess via Https Https//192.168.70.127 Securing Access to the Switch Setting Allowable Source IP Address Ranges Configuring an IP Address Range for the Management Network Radius Authentication and Authorization Configuring RadiusUser Access Levels User Accounts User Name/Access User-Service-Type Value 3SmartConnect-Proprietary Attributes for Radius TACACS+ Authentication TACACS+ Authentication FeaturesAuthorization Configuring TACACS+ Authentication End User Access Control Considerations for Configuring End User Accounts Configuring End-User Access Control Logging in to an End-User Account Protected Mode CSwitch Protected Mode Configuration Window Secure Shell and Secure Copy Configuring SSH/SCP Features Enabling or Disabling SCP Apply and Save Using SSH and SCP Client Commands Configuring the SCP Administrator PasswordTo Log In to the Switch To Download the Switch Configuration Using SCP To Upload the Configuration to the Switch Apply and Save the Configuration SSH and SCP Encryption of Management Messages Generating RSA Host and Server Keys for SSH Access Cfg/sys/sshd/skeygen SSH/SCP Integration with Radius Authentication SSH/SCP Integration with TACACS+ AuthenticationUsing SecurID with SSH SecurID Support Using SecurID with SCP 86 „ Configuring Switch Access Part 2 BBI Reference 88 „ Part 2 BBI Reference Understanding the Browser-Based Interface SmartConnect BBI Screen AMain VSE SmartConnect Software Screen Port Status Area 1Port Status Colors Menu Area Bvse SmartConnect Software Menu Area Configuration Window Configuration Buttons 94 „ Understanding the Browser-Based Interface Virtual Switch Groups Port Groups Virtual Machine Groups Link Aggregation Virtual Switch Groups Membership Switch Management PortsAssigning Ports to VSGs Assigning Virtual Machines to VSGs Delete Virtual Switch Group Settings Virtual Switch Groups SettingsSwitch Failover Reset to Default Link Aggregation Control ProtocolIgmp Snooping Bpdu Policy Virtual Switch Groups ACL QoS Add or remove ACLs or ACL sets for the specified VSG ports Switch Policies Internal Port Settings Internal Port Settings Fields External Port Settings 2External Port Settings Fields Management Port Settings Management Port Settings Fields Port Mirroring ACL Configuration Table Access Control ListsSearching for an Existing ACL Adding a New ACL „ or 4ACL Configuration Fields Access Control ListAdd or Edit ACLs Number, just as with sport above ACL Metering Settings 5ACL Metering Configuration Fields6ACL Remarking Configuration Fields ACL Remark Control Access Control List Sets 7ACL Sets Configuration Fields Quality of Service Ieee 8021p for MAC-Level QoS 8DSCP Configuration Fields DiffServ Code Point QoS 4FB2F3A86E3435548B0BD82DF2B7E949 ServerMobility General Configuration 9ServerMobility General Configuration Fields ServerMobility Port Configuration 10ServerMobility Port Configuration Fields System Settings Management Settings System Log1SNMP Management Fields 2Management Fields General Settings 3General Configuration Fields 4Built-In User Administration Fields Local User AdministrationBuilt-In Users User Configuration 5Local User Administration Fields Remote User Administration 6RADIUS Fields TACACS+ 7TACACS+ Fields Time Services Settings General SettingsNTP Settings 8Time Services General Settings Fields Switch Protected Mode ErrDisable System Settings10ErrDisable Configuration Fields Management Network Settings Bootstrap Protocol Settings11Management Network Configuration Fields 12BOOTP Configuration Fields SSH/Telnet Settings Switch SSH SettingsSwitch Telnet Settings 13SSH Configuration Fields Virtual Machine Group Settings 15VM Group Configuration Fields Syslog Settings Stack Switch Configuration Stacking ConfigurationStack Switch Configuration Fields „ Stack Switch Configuration on „ Managing a Stack on Stack IP Interfaces 132 „ System Settings Boot Management General Boot Settings Boot Management buttons Figuration block Boot Schedule 2Boot Schedule Fields 136 „ Boot Management Switch Information Access Control List Information Access Control List Sets Information Bootstrap Protocol Relay Information 2BOOTP Relay Information FieldsARP Cache Information 1ARP Cache Information Fields Forwarding Database Information 3FDB Information Fields Virtual Switch Group Information 4Virtual Switch Group Information Fields Igmp Information Igmp Multicast GroupsIgmp Snooping Multicast Router Ports 5IGMP Multicast Groups information Default Gateways 8Default Gateway informationIP Information IP Interfaces Link Status Information 9Link Status information ServerMobility General Information 10ServerMobility General information ServerMobility Port Information Server Mobility Port information SNMPv3 Information 12SNMPv3 information SNMPv3 information VacmSecurityToGroup Table Syslog Messages SnmpTargetParams Table Port Transceiver Status Trunk Groups InformationTransceiver information Trunk Group information User Access information User InformationVirtual Machine Group Information VM Group information 152 „ Switch Information Access Control List Statistics Switch Statistics1ACL Statistics Address Resolution Protocol Statistics FDB StatisticsLayer 3 Statistics 2FDB Statistics Icmp Statistics 4ICMP Statistics TCP Statistics 5TCP Statistics UDP Statistics 6UDP Statistics Igmp Group Snooping Statistics Summary 7IGMP Snooping Statistics IP Statistics 8IP Statistics MP-Specific Information Dont Fragment flag was set CPU Utilization MP Packet Statistics9CPU Utilization 10MP Packet Statistics Switch Ports Statistics Summary Network Time Protocol StatisticsPort Statistics NTP Statistics Symbols Index TACACS+