Cisco SN 5428-2 Storage Router Software Configuration Guide
78-15471-01
Chapter 9 Configuring Authentication
Using Authentication
Enable Authentication
When Enable authentication is configured, the user must enter a password each time the CLI enable
command is entered from the management console, or from a Telnet or SSH management session.
Because the enable command does not require you to enter a user name, configured authentication
services that require a user name (such as RADIUS or TACACS+ servers) are passed the default user
name, $enab15$, along with the entered password for authentication. If no authentication services are
configured, the entered password is checked against the Administrator mode password configured for
the storage router.
If the storage router is configured to allow FTP access, Enable authentication also authenticates users
attempting to log in and establish an FTP session with the storage router.
Login Authentication
When configured, you are prompted to enter a user name and password each time access to the storage
router is attempted from the management console, or from a Telnet or SSH management session.
AAA Authentication Services
AAA authentication is configured by defining the authentication services available to the storage router.
iSCSI, Enable and Login authentication types use AAA authentication services to administer security
functions. If you are using remote security servers, AAA is the means through which you establish
communications between the SN 5428-2 and the remote RADIUS or TACACS+ security server.
Table 9-1 lists the AAA authentication services and indicates which authentication types can be
performed by each service.
Table 9-1 AAA Authentication Services

| Authentication Service | Description | Authentication Types |
|---|---|---|
| RADIUS | A distributed client/server system that secures networks against unauthorized access. The SN 5428-2 sends authentication requests to a central RADIUS server that contains all user authentication and network service access information. | All |
| TACACS+ | A security application that provides centralized validation of users. TACACS+ services are maintained in a database on a TACACS+ daemon running, typically, on a UNIX or Windows NT workstation. | All |
| Local or Local-case | Uses a local username database on the storage router for authentication. Local-case indicates that the user name authentication is case-sensitive. Password authentication is always case-sensitive. | Login and iSCSI authentication only |
| Enable | Uses the Administrator mode password configured for the storage router. | Enable and Login authentication only |
| Monitor | Uses the Monitor mode password configured for the storage router. | Enable and Login authentication only |
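
The following Python check is an added example, not part of the Cisco guide. It audits a planned AAA setup against Table 9-1 and against the `$enab15$` default user name described under Enable Authentication. The plan format, the `audit` function and the sample account names are assumptions made for illustration.

```python
ENABLE_DEFAULT_USER = "$enab15$"  # from the guide: sent when `enable` supplies no user name

# Table 9-1: authentication types each service can perform.
ALLOWED = {
    "radius":     {"iscsi", "enable", "login"},
    "tacacs+":    {"iscsi", "enable", "login"},
    "local":      {"iscsi", "login"},
    "local-case": {"iscsi", "login"},
    "enable":     {"enable", "login"},
    "monitor":    {"enable", "login"},
}
NEEDS_USER_NAME = {"radius", "tacacs+"}  # services the guide says require a user name


def audit(plan, server_users, ftp_enabled=False):
    """plan: {auth_type: [service, ...]} (hypothetical format).
    server_users: {service: set of account names defined on that server}.
    Returns a list of findings; an empty list means nothing was flagged."""
    findings = []
    for auth_type, services in plan.items():
        for svc in services:
            if svc not in ALLOWED:
                findings.append(f"{auth_type}: unknown service '{svc}'")
            elif auth_type not in ALLOWED[svc]:
                findings.append(f"{auth_type}: '{svc}' cannot perform this type (Table 9-1)")
    enable_services = plan.get("enable", [])
    for svc in enable_services:
        # The server only ever sees $enab15$ for enable attempts, so it needs that account.
        if svc in NEEDS_USER_NAME and ENABLE_DEFAULT_USER not in server_users.get(svc, set()):
            findings.append(f"enable: {svc} server has no {ENABLE_DEFAULT_USER} account")
    if not enable_services:
        findings.append("enable: no services; Administrator mode password is used")
    if ftp_enabled and enable_services:
        findings.append("ftp: FTP logins are authenticated by the Enable services")
    return findings


# Constructed sample input: two Table 9-1 violations and a missing $enab15$ account.
SAMPLE_PLAN = {
    "enable": ["radius", "local"],
    "login": ["tacacs+", "monitor"],
    "iscsi": ["local-case", "enable"],
}
SAMPLE_USERS = {"radius": {"admin"}, "tacacs+": {"ops"}}

if __name__ == "__main__":
    for line in audit(SAMPLE_PLAN, SAMPLE_USERS, ftp_enabled=True):
        print(line)
```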