Nortel Networks 42C4911 Switch User Manual


 
Alteon OS Application Guide
Chapter 1: Accessing the Switch
42C4911, January 2007
Authorization
Authorization is the action of determining a user’s privileges on the device, and usually takes
place after authentication.
The default mapping between TACACS+ authorization levels and Alteon OS management
access levels is shown in Table 1-4. The authorization levels must be defined on the TACACS+
server.
Alternate mapping between TACACS+ authorization levels and Alteon OS management
access levels is shown in Table 1-5. Use the command /cfg/sys/tacacs/cmap ena
to use the alternate TACACS+ authorization levels.
If the remote user is successfully authenticated by the authentication server, the switch verifies
the privileges of the remote user and authorizes the appropriate access. The administrator has
an option to allow backdoor access via Telnet (/cfg/sys/tacacs/telnet). The default
value for Telnet access is disabled. The administrator can also enable secure backdoor
(/cfg/sys/tacacs/secbd) to allow access if both the primary and the secondary
TACACS+ servers fail to respond.
NOTE: To obtain the TACACS+ backdoor password for your GbESM, contact your IBM
Service and Support line.
Table 1-4 Default TACACS+ Authorization Levels
Alteon OS User Access Level    TACACS+ level
user                           0
oper                           3
admin                          6

Table 1-5 Alternate TACACS+ Authorization Levels
Alteon OS User Access Level    TACACS+ level
user                           0 - 1
oper                           6 - 8
admin                          14 - 15
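
The following added example (not part of the Alteon OS guide) compares the access level that Table 1-4 and Table 1-5 assign to each TACACS+ privilege level, so accounts whose access would change when /cfg/sys/tacacs/cmap is toggled can be reviewed first. The account names and function names are constructed for illustration; a level listed in neither row of a table is reported as unmapped, because the guide does not state how the switch treats it.

```python
"""Added example: audit TACACS+ accounts before toggling /cfg/sys/tacacs/cmap."""

# Table 1-4 (default) and Table 1-5 (alternate) as privilege-level ranges.
DEFAULT_MAP = {"user": range(0, 1), "oper": range(3, 4), "admin": range(6, 7)}
ALTERNATE_MAP = {"user": range(0, 2), "oper": range(6, 9), "admin": range(14, 16)}
RANK = {None: 0, "user": 1, "oper": 2, "admin": 3}


def access_level(priv_lvl, mapping):
    """Return the access level the table assigns to priv_lvl, else None."""
    if not 0 <= priv_lvl <= 15:  # TACACS+ privilege levels run from 0 to 15
        raise ValueError(f"invalid TACACS+ privilege level: {priv_lvl}")
    for level, levels in mapping.items():
        if priv_lvl in levels:
            return level
    return None  # not listed; the guide does not state how the switch treats it


def audit_cmap_change(accounts, enabling=True):
    """List accounts whose access differs between the two mappings.

    accounts: {username: privilege level defined on the TACACS+ server}
    enabling: True for default -> alternate (cmap ena), False for the reverse.
    Returns (username, priv_lvl, before, after, verdict) tuples.
    """
    old, new = (DEFAULT_MAP, ALTERNATE_MAP) if enabling else (ALTERNATE_MAP, DEFAULT_MAP)
    findings = []
    for user, lvl in sorted(accounts.items()):
        before, after = access_level(lvl, old), access_level(lvl, new)
        if before == after:
            continue
        if RANK[after] > RANK[before]:
            verdict = "escalated"
        elif after is None:
            verdict = "unmapped"
        else:
            verdict = "reduced"
        findings.append((user, lvl, before, after, verdict))
    return findings


# Constructed sample accounts (hypothetical names and levels).
SAMPLE_ACCOUNTS = {"alice": 6, "bob": 3, "carol": 0, "dave": 15, "erin": 1}

if __name__ == "__main__":
    for enabling in (True, False):
        print("default -> alternate" if enabling else "alternate -> default")
        for finding in audit_cmap_change(SAMPLE_ACCOUNTS, enabling):
            print("  ", *finding)
```

Level 6 is the case to watch: it is admin under the default mapping and oper under the alternate one, so an account provisioned as an operator for the alternate mapping is mapped to admin if the switch uses the default mapping.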