Silver Peak appliances support user authentication and authorization as a condition of providing access rights.
n Authentication is the process of validating that the end user, or a device, is who or what they claim to be.
n Authorization is the action of determining what a user is allowed to do. Generally, authentication precedes authorization.
n Map order refers to the order in which the authentication databases are queried.
n The configuration specified for authentication and authorization applies globally to all users accessing that appliance.
n If a logged-in user is inactive for an interval that exceeds the inactivity time-out, the appliance logs them out and returns them to the login page. You can change that value, as well as the maximum number of sessions, on the Administration - Session Management page.
n support a built-in, local database
n can be linked to a RADIUS (Remote Address Dial-In User Service) server
n can be linked to a TACACS+ (Terminal Access Controller Access Control System) server.
n The two user groups are admin and monitor. You must associate each user name with one or the other. Neither group can be modified or deleted.
n The monitor group supports reading and monitoring of all data, in addition to performing all actions. This is equivalent to the Command Line Interface's (CLI) enable mode privileges.
n The admin group supports full privileges, along with permission to add, modify, and delete. This is equivalent to the Command Line Interface's (CLI) configuration mode privileges.
n RADIUS authentication requests must be accompanied by a shared secret. The shared secret must be the same as defined in the RADIUS setup. Please see your RADIUS documentation for details.
n Important: Configure your RADIUS server's priv levels within the following ranges:
• admin = 7 - 15
• monitor = 1 - 6
n Transactions between the TACACS+ client and TACACS+ servers are also authenticated through the use of a shared secret. Please see your TACACS+ documentation for details.
n
n For Authentication Order, configure the following:
• First = Local
• Second = either RADIUS or TACACS+. If not using either, then None.
• Third = None
n When using RADIUS or TACACS+ to authenticate users, configure Authorization Information as follows:
• Map Order = Remote First
• Default User = admin
Please send comments or suggestions regarding user documentation to techpubs@silver-peak.com. |