
RackSwitch G8000 Application Guide
Chapter 1: Accessing the Switch
31BMD00041, November 2008
TACACS+ authentication features in Blade OS
Authentication is the action of determining the identity of a user, and is generally done when
the user first attempts to log in to a device or gain access to its services. Blade OS supports
ASCII inbound login to the device. PAP, CHAP and ARAP login methods, TACACS+ change
password requests, and one-time password authentication are not supported.
Authorization
Authorization is the action of determining a user’s privileges on the device, and usually takes
place after authentication.
The default mapping between TACACS+ authorization levels and Blade OS management
access levels is shown in Table 1-3. The authorization levels must be defined on the TACACS+
server.
Table 1-3 Default TACACS+ Authorization Levels

Blade OS User Access Level    TACACS+ level
user                          0
oper                          3
admin                         6

Alternate mapping between TACACS+ authorization levels and Blade OS management access
levels is shown in Table 1-4. Use the following command to set the alternate TACACS+
authorization levels.

RS G8000 (config)# tacacs-server privilege-mapping

Table 1-4 Alternate TACACS+ Authorization Levels

Blade OS User Access Level    TACACS+ level
user                          0 - 1
oper                          6 - 8
admin                         14 - 15
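
Added example, not part of the guide: a pre-change audit that compares the access level each TACACS+ account receives under Table 1-3 and under Table 1-4, so that accounts whose level changes or is no longer listed are found before tacacs-server privilege-mapping is entered. The account names and levels are constructed sample data, and the function names are illustrative.

```python
# Added example: audit TACACS+ accounts against the default (Table 1-3) and
# alternate (Table 1-4) mappings from the guide. Account data is constructed.

DEFAULT_MAP = {"user": range(0, 1), "oper": range(3, 4), "admin": range(6, 7)}
ALTERNATE_MAP = {"user": range(0, 2), "oper": range(6, 9), "admin": range(14, 16)}

# Constructed sample: (account name, TACACS+ level defined on the server).
SAMPLE_ACCOUNTS = [
    ("readonly", 0), ("helpdesk", 1), ("noc-oper", 3),
    ("contractor", 4), ("netops-admin", 6), ("root-admin", 15),
]


def access_level(tacacs_level, mapping):
    """Return the Blade OS access level for a TACACS+ level, or None when the
    table lists no entry for it (the guide does not say what the switch does)."""
    for level, span in mapping.items():
        if tacacs_level in span:
            return level
    return None


def audit(accounts):
    """Return (name, tacacs_level, default_level, alternate_level, finding) rows."""
    rows = []
    for name, tacacs_level in accounts:
        before = access_level(tacacs_level, DEFAULT_MAP)
        after = access_level(tacacs_level, ALTERNATE_MAP)
        if before is None and after is None:
            finding = "not-listed"                  # in neither table
        elif after is None:
            finding = "not-listed-in-alternate"     # mapped today, unlisted after
        elif before is None:
            finding = "newly-mapped"                # unlisted today, mapped after
        elif before == after:
            finding = "unchanged"
        else:
            finding = "changed"                     # e.g. level 6: admin -> oper
        rows.append((name, tacacs_level, before, after, finding))
    return rows


if __name__ == "__main__":
    for name, lvl, before, after, finding in audit(SAMPLE_ACCOUNTS):
        print(f"{name:14} level {lvl:2}  {before!s:5} -> {after!s:5}  {finding}")
```

Any row other than "unchanged" marks an account whose level on the TACACS+ server should be reviewed before the mapping is switched.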