For releases after 15.0 MR4, TACACS+ accounting (CLI event logging) will not be generated for Lawful
Intercept users with privilege level set to 15 and 13.
Important
User Account Requirements
Before configuring TACACS+ AAA services, note the following TACACS+ server and StarOS user account
provisioning requirements.
TACACS+ User Account Requirements
The TACACS+ server must be provisioned with the following TACACS+ user account information:
•
A list of known administrative users.
•
The plain-text or encrypted password for each user.
•
The name of the group to which each user belongs.
•
A list of user groups.
•
TACACS+ privilege levels and commands that are allowed/denied for each group.
TACACS+ privilege levels are stored as Attribute Value Pairs (AVPs) in the network's TACACS+ server
database. Users are restricted to the set of commands associated with their privilege level. A mapping of
TACACS+ privilege levels to StarOS CLI administrative roles and responsibilities is provided in the table
below.
Important
To display the default mapping of TACACS+ privilege levels to CLI administrative roles, run the Exec mode
show tacacs priv-lvl command. The default mapping varies based on the StarOS release and build type.
TACACS+ priv-levels can be reconfigured from their default StarOS authorization values via the TACACS+
Configuration mode priv-lvl and user-id commands. For additional information, see the TACACS+
Configuration Mode Commands chapter of the Command Line Interface Reference.
In release 20.0 and higher Trusted StarOS builds, FTP is not supported.Important
StarOS User Account Requirements
TACACS+ users who are allowed administrative access to the system must have the following user account
information defined in StarOS:
•
username
•
password
•
administrative role and privileges
ASR 5500 System Administration Guide, StarOS Release 21.4
61
System Settings
User Account Requirements
To Next Page
Loading...
Need help?
General
