Loading...
6-47
Configuration Options
6.8.8. TACACS Parameters
The TACACS Configuration Menus offer the following options:
• Enable:Enables/disablestheTACACSfeatureattheNetworkPort.(Default=Off)
• PrimaryAddress: Defines the IP address or domain name (up to 64 characters)
foryourprimaryTACACSserver.(Default=undefined)
• SecondaryAddress: Defines the IP address or domain name (up to 64 characters)
foryoursecondary,fallbackTACACSserver(ifpresent.)(Default=undefined)
• SecretWord: Defines the shared TACACS Secret Word for both TACACS servers.
(Default=undefined)
• FallbackTimer: Determines how long the RPC will continue to attempt to contact
the primary TACACS Server before falling back to the secondary TACACS Server.
(Default=15Seconds)
• FallbackLocal: Determines whether or not the RPC will fallback to its own
password/username directory when an authentication attempt fails. When enabled,
the RPC will first attempt to authenticate the password by checking the TACACS
Server; if this fails, the RPC will then attempt to authenticate the password by
checking its own internal username directory. This parameter offers three options:
Off: Fallback Local is disabled (Default)
On(AllFailures): Fallback Local is enabled, and the unit will fallback to its own
internal user directory when it cannot contact the TACACS Server, or when a
password or username does not match the TACACS Server.
On(TransportFailure): Fallback Local is enabled, but the unit will only fallback
to its own internal user directory when it cannot contact the TACACS Server.
• AuthenticationPort:TheportnumberfortheTACACSfunction.(Default=49)
• DefaultUserAccess: When enabled, this parameter allows TACACS users to
access the RPC command mode without first defining a TACACS user account on
the RPC. When new TACACS users access the RPC command mode, they will
inherit the default Access Level, Port Access, Circuit Access, Circuit Group Access
and Service Access parameters that are defined via the items listed below:
(Default=On)
Enable:Enables/disablestheDefaultUserAccessfunction.(Default=On)
AccessLevel: Determines the default Access Level setting for new TACACS
users. This option can set the default access level for new TACACS users
to "Administrator", "SuperUser", "User" or "ViewOnly." For more information
on Command Access Levels, please refer to Section 6.3.1 and Section 17.2.
(Default=User)
PortAccess: Determines the default Port Access setting for new TACACS users.
The Port Access setting determines whether or not the account will be allowed
toconnecttotheserialConsolePort.(Defaults;AdministratorandSuperUser=
AlwaysEnabled,User=Disabled)
Note:ViewOnlylevelaccountscannotbegrantedaccesstotheConsolePort.
Loading...
Terms of Use | Privacy Policy | DMCA Policy
2006-2020 Rsmanuals.com