Mellanox MLNX-OS User Manual for SX1018HP Ethernet Managed Blade Switch
Rev 2.10
Mellanox Technologies
Mellanox Technologies Confidential
4.9.1.2 TACACS+
TACACS (Terminal Access Controller Access Control System), widely used in network environments, is a client/server protocol that enables remote access servers to communicate with a central server to authenticate dial-in users and authorize their access to the requested system or service. It is commonly used for providing NAS (Network Access Security). NAS ensures secure access from remotely connected users. TACACS implements the TACACS Client and provides the AAA (Authentication, Authorization and Accounting) functionalities.
TACACS is used for several reasons:
• Facilitates centralized user administration
• Uses TCP for transport to ensure reliable delivery
• Supports inbound authentication, outbound authentication and change password request for the authentication service
• Provides some level of protection against an active attacker
4.9.1.3 LDAP
LDAP (Lightweight Directory Access Protocol) is an authentication protocol that allows a remote access server to forward a user's logon password to an authentication server to determine whether access can be allowed to a given system. LDAP is based on a client/server model. The switch acts as a client to the LDAP server. A remote user (the remote administrator) interacts only with the switch, not the back-end server and database.
LDAP authentication consists of the following components:
• A protocol with a frame format that utilizes TCP over IP
• A centralized server that stores all the user authorization information
• A client: in this case, the switch
Each entry in the LDAP server is referenced by its Distinguished Name (DN). The DN consists of the user-account name concatenated with the LDAP domain name. If the user-account name is John, the following is an example DN:
uid=John,ou=people,dc=domain,dc=com
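An added example, not taken from the Mellanox manual or from MLNX-OS: a Python sketch of building the DN described above while escaping the user-account name per RFC 4514, so that a name containing a comma cannot change the structure of the DN. The function names are hypothetical; `uid` and the base `ou=people,dc=domain,dc=com` come from the manual's example DN, and the sample names are constructed.

```python
# Added example (not MLNX-OS code): build a user DN with RFC 4514 escaping.
SPECIAL = '"+,;<>\\'  # characters that must be backslash-escaped in a value


def escape_rdn_value(value: str) -> str:
    """Escape an attribute value for use inside a DN (RFC 4514, section 2.4)."""
    if not value:
        raise ValueError("empty user-account name")
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch == "\x00":
            out.append("\\00")  # NUL is written as a hex pair
        elif ch in SPECIAL or (ch == "#" and i == 0) or (ch == " " and i in (0, last)):
            out.append("\\" + ch)  # leading '#', leading/trailing space, specials
        else:
            out.append(ch)
    return "".join(out)


def build_user_dn(user, base_dn="ou=people,dc=domain,dc=com", attr="uid"):
    """User-account name concatenated with the LDAP domain name, escaped."""
    return f"{attr}={escape_rdn_value(user)},{base_dn}"


def naive_user_dn(user, base_dn="ou=people,dc=domain,dc=com", attr="uid"):
    """Plain concatenation, shown only for comparison with build_user_dn."""
    return f"{attr}={user},{base_dn}"


def split_rdns(dn):
    """Split a DN on unescaped commas so the RDN count can be checked."""
    parts, cur, i = [], [], 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            cur.append(dn[i:i + 2])  # keep the escaped character with its backslash
            i += 2
        elif dn[i] == ",":
            parts.append("".join(cur))
            cur, i = [], i + 1
        else:
            cur.append(dn[i])
            i += 1
    parts.append("".join(cur))
    return parts


if __name__ == "__main__":
    for name in ("John", "John,ou=admins"):  # constructed sample inputs
        dn = build_user_dn(name)
        print(dn, "->", len(split_rdns(dn)), "RDNs; naive:",
              len(split_rdns(naive_user_dn(name))))
```

With the escaped form, both sample names produce a DN with four RDNs; plain concatenation of the second name produces five, which would reference a different directory entry than intended.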
4.9.2 User Accounts
There are two user account types: admin and monitor. As admin, the user is privileged to execute all the available operations. As monitor, the user can execute operations that display system configuration and status, or set terminal settings.
Table 23 - User Roles (Accounts) and Default Passwords
User Role    Default Password
admin        admin
monitor      monitor










