HP Mellanox SX1018 Mellanox MLNX-OS® User Manualfor SX1018HP Ethernet - Page 55
Tacacs, 10.1.3 Ldap
View all HP Mellanox SX1018 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 55 highlights
Rev 1.6.9 It is used for several reasons: • RADIUS facilitates centralized user administration • RADIUS consistently provides some level of protection against an active attacker For information on the RADIUS commands, please refer to Mellanox MLNX-OS Command Reference Guide. 4.10.1.2 TACACS+ TACACS (Terminal Access Controller Access Control System), widely used in network environments, is a client/server protocol that enables remote access servers to communicate with a central server to authenticate dial-in users and authorize their access to the requested system or service. It is commonly used for providing NAS (Network Access Security). NAS ensures secure access from remotely connected users. TACACS implements the TACACS Client and provides the AAA (Authentication, Authorization and Accounting) functionalities. TACACS is used for several reasons: • Facilitates centralized user administration • Uses TCP for transport to ensure reliable delivery • Supports inbound authentication, outbound authentication and change password request for the authentication service • Provides some level of protection against an active attacker For information on the TACACS+ commands, please refer to Mellanox MLNX-OS Command Reference Guide. 4.10.1.3 LDAP LDAP (Lightweight Directory Access Protocol) is an authentication protocol that allows a remote access server to forward a user's logon password to an authentication server to determine whether access can be allowed to a given system. LDAP is based on a client/server model. The switch acts as a client to the LDAP server. A remote user (the remote administrator) interacts only with the switch, not the back-end server and database. LDAP authentication consists of the following components: • A protocol with a frame format that utilizes TCP over IP • A centralized server that stores all the user authorization information • A client: in this case, the switch Each entry in the LDAP server is referenced by its Distinguished Name (DN). The DN consists of the user-account name concatenated with the LDAP domain name. If the user-account name is John, the following is an example DN: uid=John,ou=people,dc=domain,dc=com For information on the LDAP commands, please refer to Mellanox MLNX-OS Command Reference Guide. Mellanox Technologies 55 Mellanox Technologies Confidential