AI296 Version 9.8x User’s Guide
AI296 Local Menu System: Identifying AI296 Menu System Security Options
3-2
Identifying AI296 Menu System Security Options
AI296 has a variety of security options, including:
z Multilevel User Name and Password Security
z RADIUS Authentication
z TACACS+ Authentication
z PPP Authentication Protocols (PAP and CHAP)
Multilevel User Name and Password Security
Up to 10 configurable user account profiles can be assigned to an AI296 user. Five
system profiles are available for providing various levels of user access. For more
information about user profiles, refer to command profile on page 1-103.
RADIUS Authentication
RADIUS authentication verifies user login information against valid user information in
a database on a centralized RADIUS authentication server. A primary and secondary
RADIUS server are configurable to provide secure access for an entire AI296
network. AI296 RADIUS authentication is available for Telnet, asynchronous, and
synchronous ports. For more information on RADIUS authentication, refer to section
RADIUS Configuration on page 1-19.
TACACS+ Authentication
TACACS+ authentication verifies user login information against the user’s permission
level on a TACACS+ server. Up to 9 TACACS+ servers are configurable to provide
secure access for an entire AI296 network. AI296 TACACS+ authentication is
available for Telnet, asynchronous, and FTP connections. For more information on
TACACS+ authentication and server configuration, refer to the following commands:
z aaa
z tacacs
z tacacs server
PPP Authentication Protocols (PAP and CHAP)
All asynchronous and synchronous PPP links are configurable to use either PAP or
CHAP PPP authentication protocols. PAP establishes peer identity using a 2-way
handshake that is done only upon initial link establishment. CHAP performs a 3-way
handshake upon initial link establishment, then proceeds to verify the link with 3-way
handshakes at random intervals. CHAP also encrypts the user’s password over the
PPP link to provide added security.