Silver Peak appliances support user authentication and authorization as a condition of providing access rights.
n Authentication is the process of validating that the end user, or a device, is who they claim to be.
n Authorization is the action of determining what a user is allowed to do. Generally, authentication precedes authorization.
n Map order refers to the order in which the authentication databases are queried.
n The configuration specified for authentication and authorization applies globally to all users accessing that appliance.
n
• support a built-in, local database
• can be linked to a RADIUS (Remote Address Dial-In User Service) server
• can be linked to a TACACS+ (Terminal Access Controller Access Control System) server.
n The two user groups are admin and monitor. You must associate each user name with one or the other. Neither group can be modified or deleted.
n The monitor group supports reading and monitoring of all data, in addition to performing all actions. This is equivalent to the Command Line Interface's (CLI) enable mode privileges.
n The admin group supports full privileges, along with permission to add, modify, and delete. This is equivalent to the Command Line Interface's (CLI) configuration mode privileges.
n Important: Configure your RADIUS server's priv levels within the following ranges:
• admin = 7 - 15
• monitor = 1 - 6
n
n For Authetication Order, configure the following:
• First = Local
• Second = either RADIUS or TACACS+. If not using either, then None.
• Third = None
n When using RADIUS or TACACS+ to authenticate users, configure Authorization Information as follows:
• Map Order = Remote First
• Default User = admin
Please send comments or suggestions regarding user documentation to techpubs@silver-peak.com. |