User Manual
3. Session accounting is on by default. If session accounting information is not wanted, check the
Disable Accounting checkbox. (One reason for not wanting session accounting: if the
authentication server does not respond to accounting requests, those requests may introduce a
delay when logging in.)
4. In addition to multiple remote servers, you can also enter separate lists of
Authentication/Authorization servers and Accounting servers. If no Accounting servers are
specified, the Authentication/Authorization servers are used instead.
5. Enter and confirm the Server Password. Select the method to be used to authenticate to the
server (defaults to PAP). To use DES encrypted passwords, select Login.
6. If required, enter the TACACS Group Membership Attribute that is to be used to indicate group
memberships (defaults to groupname#n).
7. If required, specify the TACACS Service to authenticate with. This determines which set of attributes
is returned by the server (defaults to raccess).
8. If required, check Default Admin Privileges to give all TACACS+ authenticated users admin
privileges. Use Remote Groups must also be ticked for these privileges to be granted.
9. The TACACS Privilege Level feature only applies to TACACS remote authentication. When Ignore
Privilege Level is enabled, the priv-lvl setting for all of the users defined on the TACACS AAA
server will be ignored.
NOTE: An Opengear device interprets a user with a TACACS priv-lvl of 12 or above as an admin user.
There is a special case where a user with a priv-lvl of 15 is also given access to all configured
serial ports. When the Ignore Privilege Level option is enabled (i.e. checked in the UI), there
are no escalations of privileges based on the priv-lvl value from the TACACS server.
Also note that if the only thing configured for one or more TACACS users is the priv-lvl (e.g. no
specific port access or group memberships set), enabling this feature will revoke access to the
console server for those users, as they won't be a member of any groups, even if the Retrieve
Remote groups option in the Authentication menu is enabled.
10. Click Apply. TACACS+ remote authentication is used for all user access to the console server and
serially or network attached devices.
TACACS+: The Terminal Access Controller Access Control System (TACACS+) security protocol is a
recent protocol developed by Cisco. It provides detailed accounting information and flexible
administrative control over the authentication and authorization processes. TACACS+ allows for a
single access control server (the TACACS+ daemon) to provide authentication, authorization, and
accounting services independently. Each service can be tied into its own database to take
advantage of other services available on that server or on the network, depending on the
capabilities of the daemon.
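The following added example (not Opengear code) models the priv-lvl rules from the NOTE under step 9 and lists which users would lose privileges or access if Ignore Privilege Level were enabled. The TacacsUser record, its ports field and the sample users are constructed for illustration; privileges derived from group membership are not modelled.

```python
from dataclasses import dataclass, field
from typing import List, Optional

ADMIN_MIN_PRIV = 12   # manual: priv-lvl of 12 or above is treated as admin
ALL_PORTS_PRIV = 15   # manual: priv-lvl 15 also gets all configured serial ports


@dataclass
class TacacsUser:
    # Hypothetical record of what the TACACS server holds for one user.
    name: str
    priv_lvl: Optional[int] = None
    groups: List[str] = field(default_factory=list)  # from groupname#n attributes
    ports: List[int] = field(default_factory=list)   # assumed: explicit port access


def effective(user, ignore_priv_lvl):
    """Privileges derived from priv-lvl alone, per the NOTE in the manual."""
    lvl = None if ignore_priv_lvl else user.priv_lvl
    return {
        "admin": lvl is not None and lvl >= ADMIN_MIN_PRIV,
        "all_serial_ports": lvl == ALL_PORTS_PRIV,
    }


def audit_ignore_priv_lvl(users):
    """Report the impact of ticking Ignore Privilege Level before doing so."""
    report = {"lose_admin": [], "lose_all_ports": [], "lose_access": []}
    for u in users:
        before, after = effective(u, False), effective(u, True)
        if before["admin"] and not after["admin"]:
            report["lose_admin"].append(u.name)
        if before["all_serial_ports"] and not after["all_serial_ports"]:
            report["lose_all_ports"].append(u.name)
        # Manual: users with only a priv-lvl configured (no groups, no port
        # access) end up in no group at all and lose console server access.
        if u.priv_lvl is not None and not u.groups and not u.ports:
            report["lose_access"].append(u.name)
    return report


# Constructed sample data, not taken from any real server.
SAMPLE_USERS = [
    TacacsUser("alice", priv_lvl=15, groups=["netops"]),
    TacacsUser("bob", priv_lvl=12),
    TacacsUser("carol", priv_lvl=1, ports=[3]),
    TacacsUser("dave", priv_lvl=15),
]

if __name__ == "__main__":
    print(audit_ignore_priv_lvl(SAMPLE_USERS))
```

Users listed under lose_access need a group membership or port assignment on the TACACS server before the option is enabled.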
8.1.3 RADIUS authentication
Perform the following procedure to configure the RADIUS authentication method to be used whenever the
console server or any of its serial ports or hosts is accessed:
1. Select Serial & Network > Authentication and check RADIUS, LocalRADIUS, RADIUSLocal or
RADIUSDownLocal.