Cisco SN 5428-2 Storage Router Software Configuration Guide
OL-5239-01
Chapter 9 Configuring Authentication
Using Authentication
Enable Authentication
When Enable authentication is configured, the user must enter password information each time the CLI enable command is issued
from the management console, or from a Telnet or SSH management session. If the storage router is
configured to allow FTP access, Enable authentication also authenticates users attempting to log in and
establish an FTP session with the storage router.
Using RADIUS Security Servers
Because the enable command does not require you to enter a user name, RADIUS authentication
services are passed the default user name, $enab15$, along with the entered password for authentication.
If no authentication services are configured, the entered password is checked against the Administrator
mode password configured for the storage router.
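The following is an added example, not part of the Cisco guide. Because every enable attempt sent to RADIUS carries the same user name, $enab15$, the user name field does not distinguish one administrator from another, so monitoring for repeated enable failures has to key on the requesting storage router and the time window. The log format, field names and addresses are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

ENABLE_USER = "$enab15$"  # default user name passed to RADIUS for enable

# Constructed sample: hypothetical one-line-per-request export of a RADIUS
# server's authentication log; "nas" is the RADIUS client (the storage router).
SAMPLE_LOG = """\
2024-05-01T09:00:00 nas=10.0.0.9 user=$enab15$ result=reject
2024-05-01T09:10:00 nas=10.0.0.9 user=alice result=reject
2024-05-01T09:10:20 nas=10.0.0.9 user=alice result=reject
2024-05-01T09:10:40 nas=10.0.0.9 user=alice result=reject
2024-05-01T09:30:00 nas=10.0.0.9 user=$enab15$ result=reject
2024-05-01T10:00:01 nas=10.0.0.5 user=$enab15$ result=reject
2024-05-01T10:00:20 nas=10.0.0.5 user=$enab15$ result=reject
2024-05-01T10:01:05 nas=10.0.0.5 user=$enab15$ result=reject
2024-05-01T10:02:30 nas=10.0.0.5 user=$enab15$ result=reject
2024-05-01T10:03:00 nas=10.0.0.5 user=$enab15$ result=accept
"""

LINE_RE = re.compile(r"^(\S+) nas=(\S+) user=(\S+) result=(accept|reject)$")

def parse(log):
    for line in log.splitlines():
        m = LINE_RE.match(line.strip())
        if m:  # skip lines that do not match the assumed format
            ts, nas, user, result = m.groups()
            yield datetime.fromisoformat(ts), nas, user, result

def enable_failure_bursts(log, threshold=3, window=timedelta(minutes=5)):
    """Map each NAS to its largest count of rejected enable attempts inside
    one sliding window, keeping only NASes that reach the threshold."""
    rejects = defaultdict(list)
    for ts, nas, user, result in parse(log):
        if user == ENABLE_USER and result == "reject":
            rejects[nas].append(ts)
    flagged = {}
    for nas, times in rejects.items():
        times.sort()
        start = best = 0
        for end in range(len(times)):
            while times[end] - times[start] > window:
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            flagged[nas] = best
    return flagged
```

Login failures under a named user (alice in the sample) are deliberately ignored here; only requests carrying the enable user name are counted.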
Using TACACS+ Security Servers
Because the enable command does not require you to enter a user name, TACACS+ authentication
services are passed the user name used at login, along with the entered password, for authentication. If
a user name was not needed for login, the storage router will prompt the user to enter a user name, along
with the enable password, when the enable command is issued.
Login Authentication
When configured, you are prompted to enter a user name and password each time access to the storage
router is attempted from the management console, or from a Telnet or SSH management session.
Authentication Services
Authentication is configured by defining the authentication services available to the storage router.
iSCSI, Enable and Login authentication types use authentication services to administer security
functions. If you are using remote security servers, AAA is the means through which you establish
communications between the SN 5428-2 and the remote RADIUS or TACACS+ security server.
Table 9-1 lists the authentication services and indicates which authentication types can be performed by
each service.
Table 9-1 Authentication Services

| Authentication Service | Description | Authentication Types |
|---|---|---|
| RADIUS | A distributed client/server system that secures networks against unauthorized access. The SN 5428-2 sends authentication requests to a central RADIUS server that contains all user authentication and network service access information. | All |
| TACACS+ | A security application that provides centralized validation of users. TACACS+ services are maintained in a database on a TACACS+ daemon running, typically, on a UNIX or Windows NT workstation. | All |