Installation & Operation Manual 376 Document # LTRT-92224
Mediant 8000
For each TACACS+ server, the following parameters may be configured by the user:
IP address
Port
Secret Key
In addition, the AAA Server Connection Timeout parameter may be configured to
determine how long the Media Gateway awaits the response from the currently active
TACACS+ server, before falling back to the redundant server.
The Mediant 8000 implements the following TACACS+ services:
Authentication – for user login via SSH, SCP, SFTP and RS-232 management
interfaces and su command.
Authorization – for all Media Gateway specific CLI commands (e.g. show,
tpCmd, tools).
Accounting – for all user activity on the Media Gateway CLI interface (i.e. both for
Media Gateway specific commands – e.g. show – and for generic OS commands
– e.g. ls).
Gateway implements a local cache of user profiles. This cache is used in emergency
situations when communication with TACACS+ servers is not possible (e.g. in case of
global network outage). In such scenarios, users who logged into the Mediant 8000
CLI interface recently (e.g. within the last 30 days) will be able to login using the
credentials stored in the local user profile cache. The cache is automatically
synchronized between active and standby SC boards.
To Next Page
Loading...
