TACACS+ parameters
Digi TransPort User Guide 688
Functions of the AAA services
If TACACS+ authentication is enabled, the request is sent to the TACACS+ server. If disabled, the
router performs the authentication. At this point authorization is also performed. If TACACS+
authorization is disabled, the user access level is obtained from the local user table on the router.
If TACACS+ authorization is enabled, an authorization request is sent to the TACACS+ server. The
server returns a privilege level and may also return other attributes, such as a new idle time for
this session, which take precedence over locally configured values.
When the user has been authenticated and access has been authorized, the login is allowed. If
the connection is via telnet or SSH, a welcome message showing the access level and the method
of authentication is displayed. If the access level was assigned locally, the following message is
displayed:
Welcome. Your access level is SUPER
If the access level was assigned by the TACACS+ server, the following message is displayed:
Welcome. Your access level is obtained remotely
If accounting is enabled, session start and stop messages are sent to the TACACS+ server when
the session opens and closes. During the session, details of commands that were executed, and of
commands that were denied by access level control, are sent to the TACACS+ server. At the end of
the session, the stop message is sent to the TACACS+ server with the elapsed session time included.
TACACS+ to local privilege level mappings
TACACS+ level    Local level
>= 15            Super
12-14            High
8-11             Medium
4-8              Low
0-3              None
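
The following is an added example, not code from the guide or from Digi. It models the authorization outcome described above so that privilege levels assigned on a TACACS+ server can be reviewed before they reach the router. The field names priv_lvl and idle_time, the function names, and the banner format for levels other than SUPER are assumptions; because the table lists level 8 in both the Medium and Low rows, the code reports both instead of choosing one.

```python
# Added example: models the authorization outcome described in the guide.
# Ranges are copied from the guide's table; 8 appears in two rows.
RANGES = [(15, None, "Super"), (12, 14, "High"), (8, 11, "Medium"),
          (4, 8, "Low"), (0, 3, "None")]

def local_levels(priv_lvl):
    """Return every local level whose documented range contains priv_lvl."""
    return [name for lo, hi, name in RANGES
            if priv_lvl >= lo and (hi is None or priv_lvl <= hi)]

def resolve_session(user, authz_enabled, local_table, server_reply, local_idle):
    """Work out access level, idle time and banner for an authenticated user.

    local_table maps user -> level name. server_reply is a dict with
    'priv_lvl' and optional 'idle_time' (hypothetical field names).
    """
    if not authz_enabled:
        level = local_table.get(user)  # level comes from the local user table
        # Banner format for levels other than SUPER is assumed from the guide's one sample.
        banner = f"Welcome. Your access level is {level.upper()}" if level else None
        return {"levels": [level] if level else [], "idle": local_idle,
                "source": "local", "banner": banner}
    levels = local_levels(server_reply["priv_lvl"])
    # Server-supplied attributes take precedence over local configuration.
    idle = server_reply.get("idle_time", local_idle)
    return {"levels": levels, "idle": idle, "source": "tacacs+",
            "banner": "Welcome. Your access level is obtained remotely"}

def audit(assignments):
    """Flag server privilege-level assignments that need review."""
    findings = []
    for user, priv in sorted(assignments.items()):
        levels = local_levels(priv)
        if len(levels) != 1:
            findings.append((user, priv, "ambiguous or unmapped: " + "/".join(levels)))
        elif levels == ["Super"]:
            findings.append((user, priv, "maps to Super"))
    return findings

if __name__ == "__main__":
    # Constructed sample data, not taken from any real server.
    sample = {"alice": 15, "bob": 8, "carol": 5, "dave": 1}
    for row in audit(sample):
        print(row)
    print(resolve_session("carol", True, {}, {"priv_lvl": 5, "idle_time": 120}, 600))
```

Confirm how a given firmware version treats level 8 on a test login before relying on either row of the table.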