User guide

AlliedView NMS Administration Guide
4.7 Remote Authorization (RADIUS / Tacacs+) on Devices
RADIUS and Tacacs+ are remote authentication protocols used by devices to authenticate telnet user-client sessions. When
the user logs in, the device forwards all login information to the RADIUS servers first, followed by the Tacacs+ servers (if
RADIUS is not available) for authentication until it receives a response back from one of them. Depending on the exchange
of messages, the device grants or denies access for the session. RADIUS uses UDP/IP for transmitting information across the
network, while Tacacs+ uses TCP/IP.
Note: For complete information on the RADIUS / Tacacs+ protocol and how they are handled by Allied Telesis devices, refer to the
iMAP Software Reference Manual and AlliedWare Plus Reference Manuals.
When the AlliedView NMS is initially configured and logs in to a device that is configured with RADIUS/Tacacs+, only a user-level privilege can be assigned. To obtain the Security Officer level, the client must send a special “ENABLE SECURITY OFFICER” command string (“ENABLE” for AlliedWare Plus devices) back to the server. The server prompts for a “Passcode” (“Password” for AlliedWare Plus devices). The client then transmits the appropriate passcode (password), after which the session has Security Officer level (level 15).
Note: Only iMAP (15.1 and up) and AlliedWare Plus (5.4.2 and up) devices support Tacacs+.
Note: Devices other than iMAPs that support RADIUS provide direct “SECURITY” access after the first authentication if the user is discovered as a “SECURITY” level user.
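To make the server fallback order and the enable step concrete, the following is an added Python simulation of the login flow described above; it is not Allied Telesis code and not a real RADIUS or Tacacs+ client. The server functions, the level-1 value for a plain user session, the `nms`/`s3cret` credentials and the passcodes are all constructed for the example.

```python
from dataclasses import dataclass
from typing import Callable, Optional

# Simulated AAA server: returns "accept", "reject", or None (no response = not available).
Server = Callable[[str, str], Optional[str]]

# Enable command and prompt per platform, as the guide describes them.
ENABLE = {"imap": ("ENABLE SECURITY OFFICER", "Passcode"),
          "awplus": ("ENABLE", "Password")}

@dataclass
class Session:
    granted: bool
    answered_by: Optional[str] = None   # "radius", "tacacs", or None if nobody answered
    level: int = 0                      # 1 after login (assumed value), 15 after a successful enable

def authenticate(radius: list, tacacs: list, user: str, pw: str) -> Session:
    """RADIUS servers are tried first, Tacacs+ only while no server has answered.
    Any answer, accept or reject, ends the attempt; a reject never falls through."""
    for group, servers in (("radius", radius), ("tacacs", tacacs)):
        for server in servers:
            verdict = server(user, pw)
            if verdict is None:        # no response: server not available, try the next one
                continue
            return Session(granted=verdict == "accept", answered_by=group,
                           level=1 if verdict == "accept" else 0)
    return Session(granted=False)      # no server responded at all

def enable_security_officer(session: Session, platform: str, passcode: str,
                            device_secret: str) -> list:
    """Raise a user-level session to Security Officer (level 15); returns the exchange."""
    command, prompt = ENABLE[platform]
    exchange = [("client", command), ("device", prompt + ":"), ("client", "<passcode>")]
    if session.granted and passcode == device_secret:
        session.level = 15
    exchange.append(("device", f"level {session.level}"))
    return exchange

# Constructed servers for the demonstration (not real AAA backends).
def radius_accept(user, pw): return "accept" if (user, pw) == ("nms", "s3cret") else "reject"
def radius_down(user, pw): return None
def tacacs_accept(user, pw): return "accept"

if __name__ == "__main__":
    s = authenticate([radius_down, radius_accept], [tacacs_accept], "nms", "s3cret")
    print(s)                                         # granted by RADIUS at level 1
    print(enable_security_officer(s, "imap", "enable-pass", "enable-pass"))
    print(authenticate([radius_accept], [tacacs_accept], "nms", "wrong"))  # rejected, no Tacacs+
```

The third call shows the point worth checking on a real deployment: a RADIUS reject is a response, so the device does not go on to ask Tacacs+.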
TABLE 4-15 Operations for AT Object Operation

Operation                           Description
Device Backup/Restore Operation     Permits backup and restore operations
Software Configuration Operation    Permits software configuration operations
Device Information Operation        Permits the display of device information
SNMP Agent Operation                Permits SNMP Agent operations
SNMP Community Operation            Permits SNMP Community operations
Configure VLAN Operation            Permits VLAN configuration operations (includes EPSR)
Card Management Operation           Permits card management operations
Port View Operation                 Port Management Operation (complete control); Port Provision Operation (view and provision/deprovision)
SysLog Management Operation         Permits access to the syslog application
Command Script Mgmt Operation       Permits command script management operations
Configuration File Mgmt Operation   Permits file management operations
Profile and QoS Operation           Profile and QoS Policy operations
Rediscover Operation                Permits rediscovery operations
Application Manager Operation       Permits access to the Application Manager
Telnet Cutthru Operation            Permits Telnet cut-through
GUI Cutthru Operation               Permits GUI cut-through
Manage CLI Users Operation          Permits CLI user management operations
Manage System Log Configuration     Permits access to System Log Configuration (control the system log daemon, event logging, and the logs that are stored in the database)