Technical data

TACACS+ Authentication
© 2012 Meru Networks, Inc. Authentication 159
The Radius server should return the allowed SSID(s) in a Vendor-specific attribute
(VSA) with Vendor code 9 and attribute number 1 in the Access-Accept message. The
attribute value should be string format.
The string should say ssid=<ssid-string> where <ssid-string> is replaced by the actual
SSID (also known as the ESSID).
If a list of multiple allowed SSIDs is used, put each SSID in a separate instance of the
attribute. The order of the attributes does not matter. If the SSID to which the station
is trying to connect is not among the SSIDs returned by the Radius server, the station
will be denied access. This feature has no CLI or Web UI commands associated with
it. If the Radius server responds with a list of allowed SSIDs, that list is used to
restrict the user.
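The attribute layout described above, worked through as an added example (this is not code from the Meru manual or from System Director): it builds RFC 2865 Vendor-Specific attributes (type 26) carrying vendor code 9, vendor attribute number 1 and the string ssid=<ssid-string>, parses an Access-Accept attribute list back into the set of allowed SSIDs, and applies the deny rule. The vendor-type/vendor-length sub-header inside the VSA follows the RFC 2865 recommended encoding; the SSID names, the second vendor code and the non-SSID attribute value are constructed sample data.

```python
import struct
from typing import Iterator, Set, Tuple

VENDOR_SPECIFIC = 26    # RADIUS attribute type "Vendor-Specific" (RFC 2865, section 5.26)
VENDOR_CODE = 9         # vendor code the manual specifies
VENDOR_ATTR_SSID = 1    # vendor attribute number the manual specifies
SSID_PREFIX = "ssid="   # required string format: ssid=<ssid-string>


def encode_vsa(vendor_code: int, vendor_type: int, text: str) -> bytes:
    """Encode one Vendor-Specific attribute: Type | Length | Vendor-Id | Vendor-Type | Vendor-Length | String."""
    value = text.encode("utf-8")
    vendor_data = struct.pack("!BB", vendor_type, 2 + len(value)) + value
    body = struct.pack("!I", vendor_code) + vendor_data
    return struct.pack("!BB", VENDOR_SPECIFIC, 2 + len(body)) + body


def encode_ssid_vsa(ssid: str) -> bytes:
    """One allowed SSID per attribute instance, as the manual requires."""
    return encode_vsa(VENDOR_CODE, VENDOR_ATTR_SSID, SSID_PREFIX + ssid)


def parse_attributes(blob: bytes) -> Iterator[Tuple[int, bytes]]:
    """Walk a RADIUS attribute list and yield (type, value) pairs, rejecting truncated or malformed entries."""
    pos = 0
    while pos < len(blob):
        if len(blob) - pos < 2:
            raise ValueError("truncated attribute header")
        atype, alen = blob[pos], blob[pos + 1]
        if alen < 2 or pos + alen > len(blob):
            raise ValueError("attribute length %d is invalid" % alen)
        yield atype, blob[pos + 2:pos + alen]
        pos += alen


def allowed_ssids(blob: bytes) -> Set[str]:
    """Collect every ssid=<ssid-string> value from matching VSAs; attribute order is irrelevant, so a set suffices."""
    result: Set[str] = set()
    for atype, value in parse_attributes(blob):
        # Need at least Vendor-Id (4) + Vendor-Type (1) + Vendor-Length (1)
        if atype != VENDOR_SPECIFIC or len(value) < 6:
            continue
        vendor_id = struct.unpack("!I", value[:4])[0]
        if vendor_id != VENDOR_CODE:
            continue  # another vendor's attribute: ignore
        vendor_type, vendor_len = value[4], value[5]
        if vendor_type != VENDOR_ATTR_SSID or vendor_len != len(value) - 4:
            continue  # wrong attribute number or inconsistent inner length: ignore
        text = value[6:].decode("utf-8", errors="replace")
        if text.startswith(SSID_PREFIX):
            result.add(text[len(SSID_PREFIX):])
    return result


def station_permitted(blob: bytes, station_ssid: str) -> bool:
    """Deny when the server returned an SSID list that does not contain the station's SSID.

    Reading of the manual: the list only restricts the user when the server actually
    returns one, so an Access-Accept without any ssid= attribute leaves the station unrestricted.
    """
    allowed = allowed_ssids(blob)
    if not allowed:
        return True
    return station_ssid in allowed


# Constructed sample Access-Accept attribute list: two allowed SSIDs, one unrelated
# vendor-9 attribute, and one attribute from a different (constructed) vendor code.
SAMPLE_ACCEPT = (
    encode_ssid_vsa("Corp")
    + encode_ssid_vsa("Guest")
    + encode_vsa(VENDOR_CODE, 2, "other=value")      # vendor attribute number 2: not an SSID
    + encode_vsa(12345, VENDOR_ATTR_SSID, "ssid=Rogue")  # constructed foreign vendor code: ignored
)

if __name__ == "__main__":
    print("allowed:", sorted(allowed_ssids(SAMPLE_ACCEPT)))
    for ssid in ("Guest", "Lab"):
        print(ssid, "->", "accepted" if station_permitted(SAMPLE_ACCEPT, ssid) else "denied")
```

The inner vendor-length check matters in practice: a VSA whose sub-header does not agree with the outer attribute length is discarded rather than partially trusted, so a malformed response cannot smuggle in an SSID the server did not intend to grant.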
TACACS+ Authentication
Terminal Access Controller Access-Control System Plus (TACACS+) is a remote
authentication protocol that runs on a TACACS+ server on the network and is similar to
Radius authentication. There are some differences between the two, however.
Radius combines authentication and authorization in one user profile, while TACACS+
separates the two operations. Another difference is that TACACS+ uses TCP port 49
while RADIUS uses UDP port 1812. System Director 5.1 supports TACACS+
authentication but not accounting; System Director supports both Radius authentication and
accounting. Only the Cisco ACS server is supported for TACACS+ authentication.
The TACACS+ level required, 15 (superuser), 10 (admin), and 1 (user), for the activity
on the current GUI window is listed in the Help. Click Help on any GUI window of
System Director. In the CLI, all command lists also include the required
authentication level, which is also now used for both Radius and local admin authentication in
Release 5.1. TACACS+ actually provides eight levels, but Meru uses only the three
authentication levels described here. The three levels used are described below:
A list of acceptable SSIDs that does not include the ID: Connection is not accepted
1 (Operator): Operator is the lowest authentication level and also the default. Operators
can see statistics and results but cannot make any configuration changes.