Cisco SCE 2000 and SCE 1000 Software Configuration Guide
OL-7827-12
Chapter 5 Configuring the Management Interface and Security
Configuring the Available Interfaces
Information About Authentication, Authorization, and Accounting
• Authentication, Authorization, and Accounting
• Login Authentication
• Accounting
• Privilege Level Authorization
• General AAA Fallback and Recovery Mechanism
• About Configuring
Authentication, Authorization, and Accounting
is a security application that provides centralized authentication of users attempting to gain
access to a network element. The implementation of protocol allows customers to configure
one or more authentication servers for the SCE platform, providing a secure means of managing the SCE
platform, as the authentication server will authenticate each user. This then centralizes the authentication
database, making it easier for the customers to manage the SCE platform.
services are maintained in a database on a server running, typically, on a UNIX
or Windows NT workstation. You must have access to and must configure a server before the
configured features on your network element are available.
The protocol provides authentication between the network element and the ACS,
and it can also ensure confidentiality, if a key is configured, by encrypting all protocol exchanges
between a network element and a server.
The protocol provides the following three features:
• Login authentication
• Privilege level authorization
• Accounting
Login Authentication
The SCE platform uses the ASCII authentication message for CLI, Telnet and SSH access.
allows an arbitrary conversation to be held between the server and the user until the server
receives enough information to authenticate the user. This is usually done by prompting for a username
and password combination.
The login and password prompts may be provided by the server, or if the server
does not provide the prompts, then the local prompts will be used.
The user login information (user name and password) is transmitted to the server for
authentication. If the server indicates that the user is not authenticated, the user is
re-prompted for the user name and password. The user is re-prompted a user-configurable number of
times, after which the failed login attempt is recorded in the SCE platform user log and the Telnet session
is terminated (unless the user is connected to the console port).
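The login conversation described above can be modelled as follows. This is an added example, not code from the Cisco guide or the SCE platform. The `AuthServer` class, the `login` function, the prompt wording, the log text and the sample credentials are constructed. Treating the configured limit as a total number of attempts, and restarting the prompts on a console session, are modelling assumptions.

```python
import hmac
from dataclasses import dataclass, field

# Local fallback prompts (assumed wording), used when the server sends none.
LOCAL_PROMPTS = {"user": "Username: ", "pass": "Password: "}

@dataclass
class AuthServer:
    """Constructed stand-in for the central authentication server."""
    users: dict                                  # username -> password (sample data)
    prompts: dict = field(default_factory=dict)  # empty: server provides no prompts

    def check(self, user: str, password: str) -> bool:
        expected = self.users.get(user)
        if expected is None:
            return False
        # Constant-time comparison of the stored and supplied password.
        return hmac.compare_digest(expected.encode(), password.encode())

def login(server, typed, max_attempts=3, console=False):
    """Drive the conversation; `typed` is the (user, password) pairs entered.
    Returns (outcome, prompts_shown, user_log)."""
    shown, user_log, failures = [], [], 0
    for user, password in typed:
        # Server-supplied prompt if present, otherwise the local one.
        for step in ("user", "pass"):
            shown.append(server.prompts.get(step) or LOCAL_PROMPTS[step])
        if server.check(user, password):
            return "authenticated", shown, user_log
        failures += 1
        if failures == max_attempts:
            # Limit reached: record the failure in the user log.
            user_log.append(f"failed login attempt for user '{user}'")
            if not console:
                return "session terminated", shown, user_log
            failures = 0  # assumption: console stays open, prompting restarts
    return "awaiting input", shown, user_log

if __name__ == "__main__":
    srv = AuthServer(users={"admin": "s3cret"})  # constructed credentials
    print(login(srv, [("admin", "guess")] * 3))
    print(login(srv, [("admin", "guess")] * 3 + [("admin", "s3cret")], console=True))
```
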