EasyManua.ls Logo

EnerSys Alpha Cordex CXC HP - Flash Maintenance; Secure Web Server

EnerSys Alpha Cordex CXC HP
279 pages
Save Page as PDF
Print Icon
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Loading...
Cordex®CXCHPControllerSoftwareManual|20-Maintainingthecontroller
Test TACACS+ Server Settings: ProvidesachecktodetermineifthebasicTACACS+
configurationissetcorrectly.Thisfeatureadditionallycompletesatrialauthenticationrequestto
ensureitcancontacttheTACACS+server.
Network: OperatesontheTransmissionControlProtocol(TCP).
Notice: The Test TACACS+ Server Settings feature cannot determine if the Attribute Name and
Group Attribute values are spelled correctly since these are set on the TACACS+ server side.
How TACACS+ authentication works
WhenauserlogsinwhentheRemote Authentication Type fieldissettoTACACS+ (RADIUS is
disabled) onthecontroller,thecontrollerwillbegincommunicationwiththeTACACS+server.Apacket
bodycontainingtheuserscredentialswillfirstbeencryptedandsenttotheserver;dependingonthe
TACACS+ Encryption Protocol selected,theremaybemultiplemessagessentbetweenthecontroller
andtheTACACS+server.
IftheTACACS+severauthenticatestheuser,thecontrollerwillthensendaTACACS+Authorization
request.Atthispoint,theTACACS+serverwillrespondwithanyAttribute-Valuepairsthataresetwithin
theserverconfiguration.IfanyofthesepairsmatchtheAttribute Name andoneoftheGroup Attribute
Values oftheUserRolesConfigurationtable,thecontrollerwillassigntherespectiveuserprivilegeand
proceedtologtheuserin.Iftherearenomatches,theuserisdeniedaccess.IftwoormoreGroup
Attribute Values areassignedthesamevalue,thecontrollerwillassignthefirstmatchinguserroleinthe
followingorder:AdminUserRole,thenAccountsUserRole,thenOperatorUserRole,thenRestricted
OperatorUserRole,thenGuestUserRole.
Uponasuccessfullogin,theencryptedusercredentialsaresavedinthecontrollerscache.Thiscanbe
usedifthereisasituationwheretheTACACS+Serverisunavailable.
ThefollowingTACACS+serversettingscanbeconfigured:
Remote Authentication Type: WhensettoTACACS+ (RADIUS is Disabled),usersareallowed
tobeauthenticatedbyaTACACS+server.
TACAS+ Authentication Server Address: TheDNSnameortheIPv4/IPv6addressforthe
TACAS+server.
TACAS+ Authentication Server Port: Thedefaultportis49.
TACAS+ Timeout: Thetime,inseconds,thatthecontrollerwaitsforaresponsefromtheTACAS+
server.
TACAS+ Encryption Protocol: Theauthenticationmethodusedbythecontrollertoencrypt
TACACS+packetbodies.ThisiseitherPasswordAuthenticationProtocol(PAP),Challenge-
HandshakeAuthenticationProtocol(CHAP),orASCIIauthentication.
TACACS+ Server Secret Key: ThesecretkeystoredonboththecontrollerandtheTACACS+
server.SetthisvaluebyusingtheSet Shared Secret button.Youcancleartheconfiguredshared
secretbyusingtheClear Shared Secret button.
0350058-J0 Rev AL Page 217

Table of Contents

Other manuals for EnerSys Alpha Cordex CXC HP

Preview: Integrator Guide
Integrator Guide48 pages