IBM Partner Pavilion BMD00082 User Manual

SmartConnect User’s Guide
  Chapter 6: Configuring Switch Access
BMD00082, February 2009
TACACS+ Authentication
The switch supports authentication and authorization with networks using the Cisco Systems 
TACACS+ protocol. The switch functions as the Network Access Server (NAS) by interacting 
with the remote client and initiating authentication and authorization sessions with the 
TACACS+ access server. The remote user is defined as someone requiring management access 
to the switch either through a data or management port. 
TACACS+ Authentication Features
Authentication is the action of determining the identity of a user, and is generally done when 
the user first attempts to log in to a device or gain access to its services. The switch supports 
ASCII inbound login to the device. PAP, CHAP and ARAP login methods, TACACS+ change 
password requests, and one-time password authentication are not supported.
Authorization
Authorization is the action of determining a user’s privileges on the device, and usually takes 
place after authentication.
The mapping between TACACS+ authorization levels and switch management access levels is 
shown in Table 6-4. The authorization levels must be defined on the TACACS+ server.
Configuring TACACS+ Authentication
1. On the BBI, choose System Settings > Remote User Administration to configure 
   TACACS+ authentication.
2. In the Tacacs+ section of the window, enter the Tacacs+ Primary Server IP address and 
   TACACS+ Secret.
3. Select enable for the Tacacs+ option.
4. Click Apply to make your changes active, and Save to retain changes beyond reboot.
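What the TACACS+ Secret entered in step 2 is used for, as an added example (not taken from this guide or from the switch firmware): a sketch following RFC 8907 that builds the ASCII-login authentication START packet a NAS sends and obfuscates its body with the shared secret. The session ID, secret, user name, port and address are constructed sample values, and `server_accepts` is a hypothetical helper standing in for the server's parsing step.

```python
import hashlib
import struct

TAC_PLUS_VERSION = 0xC0    # major version 0xC, minor version 0
TAC_PLUS_AUTHEN = 0x01     # packet type: authentication
AUTHEN_LOGIN = 0x01        # action: login
AUTHEN_TYPE_ASCII = 0x01   # ASCII login, the type this switch supports
AUTHEN_SVC_LOGIN = 0x01    # authen_service: login

def pseudo_pad(session_id, secret, version, seq_no, length):
    """MD5 chain over session_id, secret, version and seq_no, cut to the body length."""
    seed = session_id + secret + bytes([version, seq_no])
    pad, block = b"", b""
    while len(pad) < length:
        block = hashlib.md5(seed + block).digest()
        pad += block
    return pad[:length]

def obfuscate(body, session_id, secret, version=TAC_PLUS_VERSION, seq_no=1):
    """XOR the body with the pad; the same call with the same secret reverses it."""
    pad = pseudo_pad(session_id, secret, version, seq_no, len(body))
    return bytes(b ^ p for b, p in zip(body, pad))

def authen_start_body(user, port, rem_addr, priv_lvl=0):
    """Authentication START body for an ASCII login (empty data field)."""
    fixed = struct.pack("!8B", AUTHEN_LOGIN, priv_lvl, AUTHEN_TYPE_ASCII,
                        AUTHEN_SVC_LOGIN, len(user), len(port), len(rem_addr), 0)
    return fixed + user + port + rem_addr

def build_packet(body, session_id, secret, seq_no=1):
    """12-byte header (version, type, seq_no, flags, session_id, length) + obfuscated body."""
    header = struct.pack("!4B4sI", TAC_PLUS_VERSION, TAC_PLUS_AUTHEN, seq_no, 0,
                         session_id, len(body))
    return header + obfuscate(body, session_id, secret, seq_no=seq_no)

def server_accepts(packet, secret):
    """Hypothetical server check: de-obfuscated field lengths must match the header length."""
    version, _type, seq_no, _flags, session_id, length = struct.unpack("!4B4sI", packet[:12])
    body = obfuscate(packet[12:], session_id, secret, version, seq_no)
    return len(body) == length and length >= 8 and 8 + sum(body[4:8]) == length

# Constructed sample values, not taken from the guide
SESSION_ID = bytes.fromhex("0a1b2c3d")
SECRET = b"example-shared-secret"
BODY = authen_start_body(b"admin", b"tty0", b"192.0.2.10")
PACKET = build_packet(BODY, SESSION_ID, SECRET)
```

A switch and server configured with different secrets fail at this step, because the server de-obfuscates the body to garbage. RFC 8907 describes the mechanism as obfuscation rather than encryption, so TACACS+ traffic belongs on a protected management network.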
Table 6-4  SmartConnect-Proprietary Attributes for TACACS+

User Access Level    TACACS+ level
user                 0
oper                 3
admin                6