Dell FCX624-S Laptop User Manual


PowerConnect B-Series FCX Configuration Guide
53-1002266-01
Configuring TACACS/TACACS+ security
TACACS+ authentication
When TACACS+ authentication takes place, the following events occur.
1. A user attempts to gain access to the Dell PowerConnect device by doing one of the following:
   - Logging into the device using Telnet, SSH, or the Web Management Interface
   - Entering the Privileged EXEC level or CONFIG level of the CLI
2. The user is prompted for a username.
3. The user enters a username.
4. The Dell PowerConnect device obtains a password prompt from a TACACS+ server.
5. The user is prompted for a password.
6. The user enters a password.
7. The Dell PowerConnect device sends the password to the TACACS+ server.
8. The password is validated in the TACACS+ server database.
9. If the password is valid, the user is authenticated.
TACACS+ authorization
Dell PowerConnect devices support two kinds of TACACS+ authorization:
- Exec authorization determines a user's privilege level when the user is authenticated
- Command authorization consults a TACACS+ server to get authorization for commands entered by the user
When TACACS+ exec authorization takes place, the following events occur.
1. A user logs into the Dell PowerConnect device using Telnet, SSH, or the Web Management Interface.
2. The user is authenticated.
3. The Dell PowerConnect device consults the TACACS+ server to determine the privilege level of the user.
4. The TACACS+ server sends back a response containing an A-V (Attribute-Value) pair with the privilege level of the user.
5. The user is granted the specified privilege level.
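The exec authorization response in steps 4 and 5, shown as an added example that is not taken from the Dell guide: it parses a TACACS+ authorization REPLY body using the layout and status codes of RFC 8907 and returns a privilege level only when the reply is a pass and carries a valid A-V pair. The attribute name `priv-lvl` is the RFC 8907 name and an assumption for this device; the body is assumed to be already de-obfuscated, and the function names and sample replies are constructed for illustration.

```python
import struct

PASS_ADD, PASS_REPL, FAIL = 0x01, 0x02, 0x10  # authorization status codes, RFC 8907

def parse_author_reply(body: bytes):
    """Return (status, {attr: value}) from a de-obfuscated authorization REPLY body."""
    if len(body) < 6:
        raise ValueError("truncated reply")
    status, arg_cnt, msg_len, data_len = struct.unpack("!BBHH", body[:6])
    arg_lens = body[6:6 + arg_cnt]          # one length byte per A-V pair
    offset = 6 + arg_cnt + msg_len + data_len
    if len(arg_lens) != arg_cnt or offset + sum(arg_lens) != len(body):
        raise ValueError("length fields do not match body size")
    avs = {}
    for n in arg_lens:
        arg = body[offset:offset + n].decode("ascii")
        offset += n
        # '=' marks a mandatory pair, '*' an optional one; split on whichever comes first
        idx = min((i for i in (arg.find("="), arg.find("*")) if i > 0), default=-1)
        if idx < 0:
            raise ValueError(f"malformed A-V pair: {arg!r}")
        avs[arg[:idx]] = arg[idx + 1:]
    return status, avs

def exec_privilege(body: bytes, attr: str = "priv-lvl"):
    """Privilege level to grant, or None to deny (fail closed on any doubt)."""
    try:
        status, avs = parse_author_reply(body)
    except (ValueError, UnicodeDecodeError):
        return None
    if status not in (PASS_ADD, PASS_REPL):
        return None
    value = avs.get(attr, "")               # attr name is an assumption, see lead-in
    if not value.isdigit() or not 0 <= int(value) <= 15:
        return None
    return int(value)

def build_reply(status: int, args: list) -> bytes:
    """Construct a sample reply body with empty server_msg and data fields."""
    enc = [a.encode("ascii") for a in args]
    header = struct.pack("!BBHH", status, len(enc), 0, 0)
    return header + bytes(len(e) for e in enc) + b"".join(enc)

# Constructed sample replies, not captured from a real server
GRANTED = build_reply(PASS_ADD, ["service=shell", "priv-lvl=15"])
DENIED = build_reply(FAIL, ["priv-lvl=15"])
```

A reply that passes but omits the attribute, carries an out-of-range value, or has inconsistent length fields yields `None`, so the caller has to make an explicit decision instead of inheriting a default privilege level.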
When TACACS+ command authorization takes place, the following events occur.
1. A Telnet, SSH, or Web Management Interface user previously authenticated by a TACACS+ server enters a command on the Dell PowerConnect device.
2. The Dell PowerConnect device looks at its configuration to see if the command is at a privilege level that requires TACACS+ command authorization.
3. If the command belongs to a privilege level that requires authorization, the Dell PowerConnect device consults the TACACS+ server to see if the user is authorized to use the command.
4. If the user is authorized to use the command, the command is executed.