Package sitesec
The XML API OSS interface uses the sitesec package for secure access to
managed routers. (The 7750 SR is an example of a managed router.) You can
perform the following tasks with the sitesec package:
- create and manage users, profiles and passwords for access to the managed
routers
- configure RADIUS and TACACS+ authentication to allow controlled access to
the managed routers using NFM-P user accounts
RADIUS is an AAA protocol. It provides a standardized method of exchanging
information between a RADIUS client, that is located on the 7750 SR and managed
by the NFM-P, and a RADIUS server, that is located externally from the 7750 SR
and the NFM-P.
The following general rules apply to 7750 SR users and groups:
- The management access filters applied to the managed router apply globally, not
per user.
- The system administrator can limit the type of access per managed router, for
example allowing FTP access, but deny console, Telnet, and SNMP access.
- User profiles exist independently of users, and are not in effect until linked to a
user.
- Creating router user accounts is a useful backup to RADIUS or TACACS+
authentication. If the RADIUS or TACACS+ server fails, or there are user issues
on the servers, access can still be gained to the managed router using the 7750 SR
user account.