© Copyright IBM Corp. 2011
Chapter 5. Authentication & Authorization Protocols
2. Configure the secret and second secret.
3. If desired, you may change the default TCP port number used to listen to TACACS+. The well-known port for TACACS+ is 49.
4. Configure the number of retry attempts, and the timeout period.
LDAP Authentication and Authorization
N/OS supports the LDAP (Lightweight Directory Access Protocol) method to
authenticate and authorize remote administrators to manage the switch. LDAP is
based on a client/server model. The switch acts as a client to the LDAP server. A
remote user (the remote administrator) interacts only with the switch, not the
back-end server and database.
LDAP authentication consists of the following components:
• A protocol with a frame format that utilizes TCP over IP
• A centralized server that stores all the user authorization information
• A client: in this case, the switch
Each entry in the LDAP server is referenced by its Distinguished Name (DN). The
DN consists of the user-account name concatenated with the LDAP domain name.
If the user-account name is John, the following is an example DN:
uid=John,ou=people,dc=domain,dc=com
Configuring the LDAP Server
G8000 user groups and user accounts must reside within the same domain. On the
LDAP server, configure the domain to include G8000 user groups and user
accounts, as follows:
• User Accounts: Use the uid attribute to define each individual user account.
• User Groups: Use the members attribute in the groupOfNames object class to create the user groups. The first word of the common name for each user group must be equal to the user group names defined in the G8000, as follows:
– admin
– oper
– user
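An added example, not from the IBM guide: a Python audit of an LDIF export against the directory rules above (accounts defined by uid, groups as groupOfNames entries whose common name starts with admin, oper or user, all within one domain). The sample LDIF, the ou=groups container, the exact case-sensitive match on the first word, and accepting the RFC 4519 attribute name member alongside the page's members are assumptions of this example.

```python
LEVELS = ("admin", "oper", "user")  # user group names the page lists for the G8000

def parse_ldif(text):
    """Minimal LDIF reader; assumes no folded lines, base64 values or comments."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            key, _, value = line.partition(":")
            entry.setdefault(key.strip().lower(), []).append(value.strip())
        entries.append(entry)
    return entries

def norm(dn):  # case-fold and trim RDNs; assumes no escaped commas in values
    return ",".join(part.strip().lower() for part in dn.split(","))

def audit(entries, base_dn):
    """Return ({member DN: level}, [findings]) for the groupOfNames entries."""
    users = {norm(e["dn"][0]) for e in entries if "uid" in e}
    levels, findings = {}, []
    for e in entries:
        if "groupofnames" not in [c.lower() for c in e.get("objectclass", [])]:
            continue
        cn = e.get("cn", [""])[0]
        level = cn.split(" ")[0]  # first word of the common name, matched exactly
        if level not in LEVELS:
            findings.append(f"{cn}: first word is not admin, oper or user")
            continue
        # The page names the attribute "members"; RFC 4519 defines "member".
        for m in map(norm, e.get("member", []) + e.get("members", [])):
            if not m.endswith("," + norm(base_dn)):
                findings.append(f"{cn}: {m} is outside {base_dn}")
            elif m not in users:
                findings.append(f"{cn}: {m} has no uid entry")
            else:
                levels[m] = level
    return levels, findings

SAMPLE = """dn: uid=John,ou=people,dc=domain,dc=com
uid: John

dn: cn=admin switch,ou=groups,dc=domain,dc=com
objectClass: groupOfNames
cn: admin switch
member: uid=John,ou=people,dc=domain,dc=com

dn: cn=oper netops,ou=groups,dc=domain,dc=com
objectClass: groupOfNames
cn: oper netops
member: uid=Eve,ou=people,dc=other,dc=com"""  # constructed sample, not from the guide
```

Calling audit(parse_ldif(SAMPLE), "dc=domain,dc=com") maps John to admin and reports the oper group member that sits outside the domain.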
Commands for TACACS+ configuration steps 2 through 4:
RS G8000(config)# tacacs-server primary-host 10.10.1.1 key <1-32 character secret>
RS G8000(config)# tacacs-server secondary-host 10.10.1.2 key <1-32 character secret>
RS G8000(config)# tacacs-server port <TCP port number>
RS G8000(config)# tacacs-server retransmit 3
RS G8000(config)# tacacs-server timeout 5