EasyManua.ls Logo

AudioCodes Mediant 8000 - Page 379

AudioCodes Mediant 8000
924 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Loading...
Version 6.6 379 October 2014
Installation & Operation Manual 33. Configuring Security Settings
cmd-arg = <arguments>" (e.g. moBoard#6)
Accounting Request sent after the command completion, includes the following AV-
pairs:
stop_time = <stop time> (in seconds since 1/1/1970)
elapsed_time = <elapsed time> (in seconds)
cmd = <command> (e.g. show)
cmd-arg = <arguments>" (e.g. moBoard#6)
33.18.6.1.4 Working With TACACS+ Server : ROOT and EMS Users
For typical configurations, the Mediant 8000 should be configured to perform
authentication of root and ems users using the local user database (instead of via the
TACACS+ servers). This architecture ensures that common maintenance tasks
performed by the EMS server (e.g. Online Software Upgrade) do not depend on the
TACACS+ servers’ availability and will continue to work even in case of a temporary
network outage. It also allows provisioning of different passwords for these task-critical
users on different Media Gateways thus enhancing overall network security.
Users who nevertheless wish to store user profiles for root and ems users on
TACACS+ server, may do so by configuring the parameter Skip AAA Validation For
Special Users to Disabled as described in the following sections.
33.18.6.1.5 Configuring Media Gateway to Work With TACACS+ Servers
To configure the Mediant 8000 to work with centralized TACACS+ servers:
1. Connect to the Mediant 8000 CLI interface (on active SC board) and login as
root user.
2. Disable synchronization of local CLI user database with EMS server via tools
user sync disable command.
3. Delete all CLI users, except root and ems from the local user database on SC
boards, via the tools user del all command.
4. In the EMS, click
to access the Media Gateway status screen.
5. In the Navigation pane, select Security and then in the configuration pane, select
Security Settings; the Security Settings screen is displayed.
6. In the Security Settings screen, select the CLI Authentication tab.
7. At the bottom of the screen, use the
or buttons to add or remove
TACACS+ servers. Configure TACACS+ server settings according to the "AAA
Server Settings" table below. After completing the configuration, unlock table
entries by right-clicking on the row and choosing Unlock.
8. Set External Authentication Server to TACACS.
9. Configure TACACS+ settings according to the "TACACS+ Settings" table below.

Table of Contents

Related product manuals