Cisco Packet Data Gateway (PDG)
Table 1: RADIUS Attribute/Value Mapping System
Value       Attribute
2           Framed
6           Administrative (Administrator)
7           NAS_Prompt
8           Authenticate_Only
17          Authorize_Only
19650516    Inspector
19660618    Security_Admin
RADIUS Privileges
There are four RADIUS privilege roles. The following table shows the relationship between the privilege
roles in the CLI configuration and RADIUS Service-Type.
Table 2: CLI Privilege Roles and RADIUS Service Types
show admin Type    RADIUS Service Type          CLI Configuration Parameter
admin              Security_Admin (19660618)    administrator
cfgadm             Administrative (6)           config_administrator
oper               NAS_Prompt (7)               operator
inspect            Inspector (19650516)         inspector
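The following is an added example, not Cisco code: it parses a RADIUS packet, extracts each Service-Type attribute and reports the CLI role that Table 2 associates with it, which is useful when auditing what privilege a RADIUS server reply would grant. The packet layout and Service-Type attribute number 6 follow RFC 2865; the function names and the sample packet are constructed for illustration, and the Response Authenticator is not verified.

```python
import struct

# Service-Type values and names from Table 1 of this page.
SERVICE_TYPES = {
    2: "Framed", 6: "Administrative", 7: "NAS_Prompt",
    8: "Authenticate_Only", 17: "Authorize_Only",
    19650516: "Inspector", 19660618: "Security_Admin",
}
# Table 2: Service-Type value -> (CLI configuration parameter, show admin type).
CLI_ROLES = {
    19660618: ("administrator", "admin"), 6: ("config_administrator", "cfgadm"),
    7: ("operator", "oper"), 19650516: ("inspector", "inspect"),
}
SERVICE_TYPE_ATTR = 6  # RADIUS attribute number for Service-Type (RFC 2865)

def service_types(packet):
    """Return every Service-Type value carried in a RADIUS packet."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    _code, _ident, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet):
        raise ValueError("bad RADIUS length field")
    values, pos = [], 20  # attributes start after the 16-byte authenticator
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        attr_type, attr_len = packet[pos], packet[pos + 1]
        if attr_len < 2 or pos + attr_len > length:
            raise ValueError("bad attribute length")
        if attr_type == SERVICE_TYPE_ATTR:
            if attr_len != 6:
                raise ValueError("Service-Type must carry a 4-byte integer")
            values.append(struct.unpack("!I", packet[pos + 2:pos + 6])[0])
        pos += attr_len
    return values

def granted_roles(packet):
    """Map each Service-Type to (value, name, cli_parameter, show_admin_type)."""
    out = []
    for v in service_types(packet):
        cli, shown = CLI_ROLES.get(v, (None, None))  # None: not listed in Table 2
        out.append((v, SERVICE_TYPES.get(v, "unknown"), cli, shown))
    return out

def build_accept(service_type):
    """Constructed sample: Access-Accept (code 2), User-Name + Service-Type."""
    attrs = bytes([1, 7]) + b"alice" + bytes([6, 6]) + struct.pack("!I", service_type)
    return struct.pack("!BBH", 2, 1, 20 + len(attrs)) + bytes(16) + attrs
```

A result whose last two fields are `None` means the Service-Type value has no CLI role listed in Table 2.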
Authenticating Administrative Users with TACACS+
The ASR 5x00 or StarOS virtual machine is identified as a Network Access Server (NAS) and remotely
accesses the Terminal Access Controller Access Control System+ (TACACS+) server for information about
users who can perform administrative operations on the system.
The NAS is defined as a client-side requesting component associated with a specific IP address. StarOS only
supports one NAS with one IP address. This NAS processes TACACS+ protocol packets within the local
context. Several management services may be associated with a login.
StarOS only supports multiple-connection mode with a TACACS+ server. In a multiple-connection mode,
each TACACS+ session opens and maintains a separate and private TCP connection to the server. When the
session ends, this connection is always closed.
TACACS+ users and their passwords are defined and stored on the TACACS+ server. They are stored in a
persistent space and are always known to the server while the server is running. The users are not directly
known to the NAS.
Command Line Interface Reference, Modes A - B, StarOS Release 19
Command Line Interface Overview