Mellanox MLNX-OS® User Manual for SX1018HP Ethernet Managed Blade Switch
Rev 1.6.9
Mellanox Technologies
Mellanox Technologies Confidential
It is used for several reasons:
• RADIUS facilitates centralized user administration
• RADIUS consistently provides some level of protection against an active attacker
For information on the RADIUS commands, please refer to Mellanox MLNX-OS Command Reference Guide.
4.10.1.2 TACACS+
TACACS (Terminal Access Controller Access Control System), widely used in network environments, is a client/server protocol that enables remote access servers to communicate with a central server to authenticate dial-in users and authorize their access to the requested system or service. It is commonly used for providing NAS (Network Access Security). NAS ensures secure access from remotely connected users. TACACS implements the TACACS Client and provides the AAA (Authentication, Authorization and Accounting) functionalities.
TACACS is used for several reasons:
• Facilitates centralized user administration
• Uses TCP for transport to ensure reliable delivery
• Supports inbound authentication, outbound authentication and change password request for the authentication service
• Provides some level of protection against an active attacker
For information on the TACACS+ commands, please refer to Mellanox MLNX-OS Command Reference Guide.
4.10.1.3 LDAP
LDAP (Lightweight Directory Access Protocol) is an authentication protocol that allows a remote access server to forward a user's logon password to an authentication server to determine whether access can be allowed to a given system. LDAP is based on a client/server model. The switch acts as a client to the LDAP server. A remote user (the remote administrator) interacts only with the switch, not the back-end server and database.
LDAP authentication consists of the following components:
• A protocol with a frame format that utilizes TCP over IP
• A centralized server that stores all the user authorization information
• A client: in this case, the switch
Each entry in the LDAP server is referenced by its Distinguished Name (DN). The DN consists of the user-account name concatenated with the LDAP domain name. If the user-account name is John, the following is an example DN:
uid=John,ou=people,dc=domain,dc=com
For information on the LDAP commands, please refer to Mellanox MLNX-OS Command Reference Guide.
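The DN construction described above, as an added example that is not part of the Mellanox manual or MLNX-OS: it builds the DN from a user-account name and a domain, escaping the account name per RFC 4514 so that it always stays a single `uid` value. The function names, the mapping of a dotted domain to `dc=` components, and the sample inputs are assumptions made for illustration.

```python
"""Constructed example: build an LDAP DN from a user-account name and a domain."""
import re

# Characters RFC 4514 requires to be escaped anywhere in an attribute value.
_ALWAYS_ESCAPE = '"+,;<>\\'


def escape_rdn_value(value: str) -> str:
    """Escape one attribute value so it cannot add or split RDNs."""
    if not value:
        raise ValueError("empty attribute value")
    out, last = [], len(value) - 1
    for i, ch in enumerate(value):
        if ch == "\x00":
            out.append("\\00")            # NUL must be hex-escaped
        elif ch in _ALWAYS_ESCAPE:
            out.append("\\" + ch)
        elif (i == 0 and ch in " #") or (i == last and ch == " "):
            out.append("\\" + ch)         # leading space or '#', trailing space
        else:
            out.append(ch)
    return "".join(out)


def build_user_dn(account: str, domain: str, ou: str = "people") -> str:
    """Return uid=<account>,ou=<ou>,dc=...,dc=... in the shape of the manual's example."""
    labels = [label for label in domain.split(".") if label]
    if not labels:
        raise ValueError("domain has no labels")
    rdns = [f"uid={escape_rdn_value(account)}", f"ou={escape_rdn_value(ou)}"]
    rdns += [f"dc={escape_rdn_value(label)}" for label in labels]
    return ",".join(rdns)


def split_rdns(dn: str) -> list:
    """Split a DN on unescaped commas (sufficient to count RDNs here)."""
    return re.findall(r"(?:\\.|[^,\\])+", dn)


if __name__ == "__main__":
    # Constructed inputs: the manual's account name, then one containing a comma.
    for name in ("John", "John,ou=admins"):
        dn = build_user_dn(name, "domain.com")
        print(dn, "->", len(split_rdns(dn)), "RDNs")
```

Both inputs yield a DN with four RDNs; the comma in the second account name is carried as `\,` inside the `uid` value.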










