Question on SSLv implementation and TACACS mapping.


Article ID: 168679


Updated On:


SSL Visibility Appliance Software


TACACS and SSL Visibility use different privilege scales. When TACACS is implemented with SSL Visibility, roles and privileges are duplicated after level 7.


The TACACS RFC uses a scale of 1 - 15 for privilege levels. SSL Visibility does not have 15 privilege roles; it offers only 7.

TACACS Level   SSL Visibility Appliance Role
0              auditor
1              auditor + manage-appliance
2              auditor + manage-policy
3              auditor + manage-appliance + manage-policy
4              auditor + manage-pki
5              auditor + manage-appliance + manage-pki
6              auditor + manage-policy + manage-pki
7              auditor + manage-appliance + manage-policy + manage-pki


To map onto the TACACS draft RFC scale, SSL Visibility duplicates roles and privileges after level 7. Per the draft RFC for TACACS+:

"Privilege levels are ordered values from 0 to 15 with each level representing a privilege level that is a superset of the next lower value. If a NAS client uses a different privilege level scheme, then mapping must be provided."

To comply with the mapping requirement, SSL Visibility repeats its privileges after level 7.

At TACACS level 8 the mapping wraps back to SSL Visibility level 0 and ascends again: level 8 = 0, level 9 = 1, and so on.
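The following is an added illustration, not code from the article or from the SSL Visibility product: it implements the level mapping described above (TACACS level modulo 8, with the role set for each SSL Visibility level derived from the table) and then checks the draft RFC's requirement that each level be a superset of the next lower one. The bit assignment (manage-appliance = 1, manage-policy = 2, manage-pki = 4) is an assumption inferred from the pattern of the table, not something the article states; the names of the functions are hypothetical.

```python
# Added example (not from the original article): TACACS+ privilege level to
# SSL Visibility role mapping, plus a check of the RFC "superset" property.

# Assumption: the table follows a bitmask pattern, with one bit per privilege.
ROLE_BITS = (
    (1, "manage-appliance"),
    (2, "manage-policy"),
    (4, "manage-pki"),
)

def sslv_level(tacacs_level: int) -> int:
    """Map a TACACS+ privilege level (0-15) to an SSL Visibility level (0-7).

    Levels 8-15 wrap back to 0-7, as the article describes (8 -> 0, 9 -> 1, ...).
    """
    if not 0 <= tacacs_level <= 15:
        raise ValueError(f"TACACS+ privilege level out of range: {tacacs_level}")
    return tacacs_level % 8

def roles_for_level(tacacs_level: int) -> frozenset:
    """Return the SSL Visibility role set granted for a TACACS+ privilege level.

    Every level includes 'auditor'; the remaining roles follow the table's pattern.
    """
    level = sslv_level(tacacs_level)
    roles = {"auditor"}
    for bit, name in ROLE_BITS:
        if level & bit:
            roles.add(name)
    return frozenset(roles)

def superset_violations() -> list:
    """List adjacent (lower, higher) TACACS+ level pairs where the higher level
    does NOT hold every role of the lower one, i.e. where the RFC's
    'superset of the next lower value' ordering does not hold for this mapping.
    """
    violations = []
    for level in range(1, 16):
        if not roles_for_level(level) >= roles_for_level(level - 1):
            violations.append((level - 1, level))
    return violations

def mapping_table() -> list:
    """Rows of (tacacs_level, sslv_level, sorted role names) for all 16 levels."""
    return [(lvl, sslv_level(lvl), sorted(roles_for_level(lvl))) for lvl in range(16)]

if __name__ == "__main__":
    for tacacs, sslv, roles in mapping_table():
        print(f"TACACS {tacacs:2d} -> SSLV {sslv}  {' + '.join(roles)}")
    print("Pairs where the higher level is not a superset of the lower:",
          superset_violations())
```

Running the check shows the practical consequence of the wrap for an administrator writing TACACS+ authorization rules: TACACS level 15 and level 7 grant the same full role set, while a level in the 8 to 14 range grants the same roles as its level minus 8, so it holds fewer privileges than level 7 despite being numerically higher. The superset ordering the RFC assumes therefore holds only between some adjacent pairs of levels on this appliance, which is worth remembering when reusing a privilege-level scheme designed for other NAS devices.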