An access device is a switch, a router, or any other device that supports TACACS+. Acting as the TACACS+ client, the access device sends TACACS+ packets to the TACACS server.
An access control list (ACL) is a traffic identification mechanism. An ACL is a set of rules configured on a network device that permits or denies specified traffic according to a predefined policy.
An authorization policy is the means of granting device management privileges to a device user. An authorization policy comprises multiple sets of authorization items; each set defines the shell profile and command set assigned to the device user in one authorization scenario. The system determines which set of authorization items applies, and therefore which management privileges are granted to the device user, according to the priority of each set.
The denylist is a state of a device user. A device user on the denylist cannot pass authentication. A device user is added to the denylist in either of two cases. Case 1: An operator blocks the user manually, for whatever reason, to prevent the device user from logging in to devices. Case 2: The system blocks the user automatically because of malicious login attempts. The system treats a user as malicious if the user consecutively enters wrong login passwords; when the maximum number of login attempts is reached, the system automatically adds the user to the denylist. A manually blocked user can be removed from the denylist only manually. An automatically blocked user is removed from the denylist at 00:00:00 the next day.
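The two denylist paths described above, worked through as an added example (not code from INC or TAM): a consecutive-failure counter that resets on a successful login, an automatic block that expires at 00:00:00 the next day, and a manual block that never expires on its own. The attempt threshold, user names and timestamps are constructed for the example; the real threshold is whatever the operator configured in TAM.

```python
"""Device-user denylist: manual blocks vs. automatic lockout on consecutive failures."""
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, Optional

MAX_LOGIN_ATTEMPTS = 5  # constructed default; the real value is a TAM setting


def ts(iso: str) -> datetime:
    """Parse an ISO-8601 timestamp; keeps the examples below free of datetime imports."""
    return datetime.fromisoformat(iso)


@dataclass
class DenylistEntry:
    reason: str                      # "manual" (operator) or "auto" (system)
    expires_at: Optional[datetime]   # None: only a manual unblock removes the entry


class DeviceUserDenylist:
    def __init__(self, max_attempts: int = MAX_LOGIN_ATTEMPTS) -> None:
        self.max_attempts = max_attempts
        self.failures: Dict[str, int] = {}          # consecutive wrong passwords per user
        self.entries: Dict[str, DenylistEntry] = {}

    @staticmethod
    def next_midnight(now: datetime) -> datetime:
        """00:00:00 of the day after `now`, the release time for automatic blocks."""
        return datetime.combine(now.date() + timedelta(days=1), datetime.min.time())

    def is_blocked(self, user: str, now: datetime) -> bool:
        entry = self.entries.get(user)
        if entry is None:
            return False
        if entry.expires_at is not None and now >= entry.expires_at:
            # Automatic block has lapsed: drop the entry and start the counter afresh.
            del self.entries[user]
            self.failures.pop(user, None)
            return False
        return True

    def record_login(self, user: str, password_ok: bool, now: datetime) -> str:
        """Outcome of one login attempt: denied, accepted, rejected, or locked."""
        if self.is_blocked(user, now):
            return "denied"          # a denylisted user cannot pass authentication at all
        if password_ok:
            self.failures.pop(user, None)   # "consecutive" means a success resets the count
            return "accepted"
        count = self.failures.get(user, 0) + 1
        self.failures[user] = count
        if count >= self.max_attempts:
            self.entries[user] = DenylistEntry("auto", self.next_midnight(now))
            return "locked"
        return "rejected"

    def block_manually(self, user: str) -> None:
        self.entries[user] = DenylistEntry("manual", None)

    def unblock_manually(self, user: str) -> None:
        self.entries.pop(user, None)
        self.failures.pop(user, None)


if __name__ == "__main__":
    dl = DeviceUserDenylist(max_attempts=3)
    t = ts("2024-05-01T22:30:00")
    for ok in (False, False, False):
        print(dl.record_login("alice", ok, t))          # rejected, rejected, locked
    print(dl.is_blocked("alice", ts("2024-05-01T23:59:59")))  # True
    print(dl.is_blocked("alice", ts("2024-05-02T00:00:00")))  # False
```

The lockout key is the user account, not the source address, so an auto-blocked user is refused even with the correct password until the midnight release; an operator who needs the account back sooner uses the manual unblock.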
Network resources, users, and services are the managed objects in INC. Device users are users who can log in to and manage network devices. Each device user has an account, which is used for identity authentication at device login.
The Lightweight Directory Access Protocol (LDAP) provides a way to access a directory server (LDAP server) for authentication. The directory server provides user authentication information organized in a tree structure.
Operators manage INC. You can manage operators through the platform and specify their management rights. Besides the login password, you can also restrict an operator's access with an ACL; that is, operators can log in to the system only from the IP addresses permitted by the ACL.
Terminal Access Controller Access Control System (TACACS) is an AAA protocol. TACACS+ enhances and extends TACACS; it uses TCP as the transport layer protocol and uses port number 49. The authentication, authorization, and accounting (audit in this system) functions provided by TACACS+ are separated from one another, and none of them is mandatory, which differs from the RADIUS protocol. TACACS+ allows authentication exchanges of arbitrary length and content, and therefore extends easily. The TAM system uses TACACS+ to control the authorization behavior of device users. When a device user logs in to a device and requests authentication and authorization, the device uses TACACS+ to communicate with the TACACS server, and assigns the device user the corresponding management privileges on the device according to the server configuration.
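To make the TACACS+ exchange concrete, the following added example (not code from INC, TAM or any vendor) frames the first message of a login: the 12-byte TACACS+ header, the MD5-based body obfuscation keyed on the shared secret, and an authentication START body for an ASCII login, all as laid out in RFC 8907. The packet layout is taken from that RFC; the shared secret, session id, user name, line name and client address are constructed placeholders. The one check a defender should carry over is `cleartext_body`: the header flag that says the body is sent without obfuscation.

```python
"""TACACS+ (RFC 8907) framing: header, body obfuscation, authentication START."""
import hashlib
import struct

TACACS_PORT = 49                        # TCP port the TACACS server listens on
HEADER_FMT = "!BBBBII"                  # version, type, seq_no, flags, session_id, length
HEADER_LEN = struct.calcsize(HEADER_FMT)  # 12 bytes
MAJOR_VERSION = 0xC                     # high nibble of the version byte
TYPE_NAMES = {1: "AUTHEN", 2: "AUTHOR", 3: "ACCT"}   # the three separable functions
FLAG_UNENCRYPTED = 0x01                 # body is in the clear; a misconfiguration in production
FLAG_SINGLE_CONNECT = 0x04              # several sessions over one TCP connection


def pseudo_pad(session_id: int, key: bytes, version: int, seq_no: int, length: int) -> bytes:
    """MD5 chain of RFC 8907 section 5.2; the body is XORed with this pad (obfuscation, not encryption)."""
    seed = struct.pack("!I", session_id) + key + bytes([version, seq_no])
    pad, prev = b"", b""
    while len(pad) < length:
        prev = hashlib.md5(seed + prev).digest()
        pad += prev
    return pad[:length]


def xor_body(body: bytes, pad: bytes) -> bytes:
    return bytes(b ^ p for b, p in zip(body, pad))


def build_authen_start(session_id: int, key: bytes, user: str, port: str,
                       rem_addr: str, priv_lvl: int = 1) -> bytes:
    """Client -> server authentication START (seq_no 1) for action LOGIN, authen_type ASCII, service LOGIN."""
    u, p, r, d = user.encode(), port.encode(), rem_addr.encode(), b""   # ASCII login sends no data field
    body = struct.pack("!8B", 1, priv_lvl, 1, 1, len(u), len(p), len(r), len(d)) + u + p + r + d
    version = (MAJOR_VERSION << 4) | 0    # minor version 0
    header = struct.pack(HEADER_FMT, version, 1, 1, 0, session_id, len(body))
    return header + xor_body(body, pseudo_pad(session_id, key, version, 1, len(body)))


def parse_header(data: bytes) -> dict:
    """Validate the fixed header and the length field before touching the body."""
    if len(data) < HEADER_LEN:
        raise ValueError("short header")
    version, ptype, seq_no, flags, session_id, length = struct.unpack(HEADER_FMT, data[:HEADER_LEN])
    if version >> 4 != MAJOR_VERSION:
        raise ValueError("not a TACACS+ major version")
    if ptype not in TYPE_NAMES:
        raise ValueError("unknown packet type")
    if len(data) != HEADER_LEN + length:
        raise ValueError("length field disagrees with bytes received")
    return {"version": version, "type": TYPE_NAMES[ptype], "seq_no": seq_no, "flags": flags,
            "session_id": session_id, "length": length,
            "cleartext_body": bool(flags & FLAG_UNENCRYPTED)}


def parse_authen_start(body: bytes) -> dict:
    """Decode the START body; a wrong shared secret shows up as inconsistent field lengths."""
    if len(body) < 8:
        raise ValueError("short authentication START body")
    action, priv_lvl, authen_type, service, ulen, plen, rlen, dlen = struct.unpack("!8B", body[:8])
    if 8 + ulen + plen + rlen + dlen != len(body):
        raise ValueError("field lengths do not add up to body length (wrong shared secret?)")
    fields, off = [], 8
    for n in (ulen, plen, rlen, dlen):
        fields.append(body[off:off + n])
        off += n
    user, port, rem_addr, data = fields
    return {"action": action, "priv_lvl": priv_lvl, "authen_type": authen_type, "service": service,
            "user": user.decode(errors="replace"), "port": port.decode(errors="replace"),
            "rem_addr": rem_addr.decode(errors="replace"), "data": data}


def decode_packet(packet: bytes, key: bytes) -> dict:
    """Server-side view: parse header, de-obfuscate, and decode a START body when that is what arrived."""
    hdr = parse_header(packet)
    body = packet[HEADER_LEN:]
    if not hdr["cleartext_body"]:
        body = xor_body(body, pseudo_pad(hdr["session_id"], key, hdr["version"], hdr["seq_no"], hdr["length"]))
    result = dict(hdr)
    if hdr["type"] == "AUTHEN" and hdr["seq_no"] == 1:
        result.update(parse_authen_start(body))
    return result


def decode_or_none(packet: bytes, key: bytes):
    """Convenience wrapper: None instead of an exception for malformed or mis-keyed packets."""
    try:
        return decode_packet(packet, key)
    except ValueError:
        return None


if __name__ == "__main__":
    secret = b"shared-secret"            # constructed; configured identically on device and server
    pkt = build_authen_start(0x1A2B3C4D, secret, "admin", "vty0", "192.0.2.10")
    print(decode_packet(pkt, secret))    # header fields plus user/port/rem_addr
    print(decode_or_none(pkt, b"wrong-secret"))  # None: lengths no longer add up
```

Authorization and accounting packets use the same header and pad with type 2 and 3; only the body layout differs, which is what lets a server implement one function and not the others. Because the pad is only MD5 keyed on the shared secret, the usual operational advice is to run TACACS+ over a management network or an encrypted tunnel and to reject packets that set `FLAG_UNENCRYPTED`.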