Similar to RADIUS, the main function of TACACS+ is to perform authentication for remote access. The SLC supports the TACACS+ protocol (not the older TACACS or XTACACS protocols).
The system administrator and users with appropriate configuration rights can configure the SLC to use TACACS+ to authenticate users attempting to log in using Telnet, SSH, or the console port.
Note: Users who are authenticated through TACACS+ are granted port access through port permissions on this page.
To configure the SLC to use TACACS+ to authenticate users:
Complete the following fields:

| Field | Description |
|---|---|
| Enable TACACS+ | Displays selected if you enabled this method on the User Authentication page. If you want to set up this authentication method but not enable it immediately, clear the checkbox. Note: If you enable TACACS+ here, it automatically displays at the end of the order of precedence on the User Authentication page. |
| TACACS+ Servers 1-3 | IP address or host name of up to three TACACS+ servers. |
| Secret | Shared secret for message encryption between the SLC and the TACACS+ server. Enter an alphanumeric secret of up to 127 characters. |
| Encrypt Messages | Select the checkbox to encrypt messages between the SLC and the TACACS+ server. Selected by default. |
| Custom Menu | If custom menus have been created (see the User Guide), you can assign a default custom menu to TACACS+ users. |
| Escape Sequence | A single character or a two-character sequence that causes the SLC to leave direct (interactive) mode. (To leave listen mode, press any key.) A suggested value is Esc+A (escape key, then uppercase "A" performed quickly but not simultaneously). You would specify this value as \x1bA, which is hexadecimal (\x) character 27 (1B) followed by an A. This setting allows the user to terminate the connect direct command on the command line interface when the endpoint of the command is deviceport, tcp, or udp. |
| Break Sequence | A series of one to ten characters users can enter on the command line interface to send a break signal to the external device. A suggested value is Esc+B (escape key, then uppercase "B" performed quickly but not simultaneously). You would specify this value as \x1bB, which is hexadecimal (\x) character 27 (1B) followed by a B. |
| Data Ports | The ports users are able to monitor and interact with using the connect direct command. U and L denote the upper and lower slots of the PC Card. |
| Listen Ports | The ports users are able to monitor using the connect listen command. |
| Clear Port Buffers | The ports whose port buffer users may clear using the set locallog clear command. |
| Power Outlets | Right to view and enter settings for power outlets (SLB only). |

In the User Rights section, select the user group to which TACACS+ users will belong:

| Field | Description |
|---|---|
| Group | Select the group to which the TACACS+ users will belong. Default Users: This group has only the most basic rights (described above). Power Users: This group has the same rights as Default Users plus Networking, Date/Time, Reboot & Shutdown, and Diagnostics & Reports. Administrators: This group has all possible rights. |

Select or clear the checkboxes for the following rights:

| Right | Description |
|---|---|
| Full Administrative | Right to add, update, and delete all editable fields. |
| Networking | Right to enter network settings. |
| Services | Right to enable and disable system logging, SSH and Telnet logins, SNMP, and SMTP. |
| Date/Time | Right to set the date and time. |
| SecureLinx Network | Right to view and manage SecureLinx units (e.g., SLPs, Spiders, SLCs). |
| Local Users | Right to add or delete local users on the system. |
| Remote Authentication | Right to assign a remote user to a user group and assign a set of rights to the user. |
| SSH Keys | Right to set SSH keys for authenticating users. |
| User Menus | Right to create or edit a custom user menu for the CLI. |
| Web Access | Right to access Web-Manager. |
| Reboot & Shutdown | Right to use the CLI or shut down the SLC and then reboot it. |
| Firmware & Configuration | Right to upgrade the firmware on the unit and save or restore a configuration (all settings). |
| Diagnostics & Reports | Right to obtain diagnostic information and reports about the unit. |
| Device Ports | Right to enter device port settings. |
| PC Card | Right to enter modem settings for PC cards. |
| Access Outlets | The power outlets users may monitor and configure. (SLB only) |

To save, click Apply.
Note: You must reboot the unit before changes will take effect.
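
What the Secret and Encrypt Messages fields control on the wire, as an added example that is not taken from the SLC or its documentation: TACACS+ (RFC 8907) XORs the packet body with an MD5 pad built from the session ID, shared secret, version and sequence number, and sets the unencrypted flag in the header when that step is skipped. The session ID, secret and body below are constructed sample values, and the function names are hypothetical.

```python
import hashlib
import struct

TAC_PLUS_UNENCRYPTED_FLAG = 0x01  # header flag: body travels in the clear
VERSION = 0xC0                    # major version 0xC, minor version 0
TYPE_AUTHEN = 0x01                # authentication packet

# Constructed sample values, not from any real deployment.
SESSION_ID = 0x1A2B3C4D
SECRET = "Example0Shared0Secret"
BODY = b"constructed body: user=jdoe"

def valid_secret(secret: str) -> bool:
    """Secret field rule from the page: alphanumeric, up to 127 characters."""
    return secret.isascii() and secret.isalnum() and len(secret) <= 127

def pseudo_pad(session_id, key, version, seq_no, length):
    """MD5 chain over session_id, key, version, seq_no, cut to the body length."""
    seed = struct.pack("!I", session_id) + key + bytes([version, seq_no])
    pad, prev = b"", b""
    while len(pad) < length:
        prev = hashlib.md5(seed + prev).digest()  # each block feeds the next
        pad += prev
    return pad[:length]

def xor_body(body, session_id, secret, version, seq_no):
    """XOR is its own inverse, so this both obfuscates and recovers the body."""
    pad = pseudo_pad(session_id, secret.encode(), version, seq_no, len(body))
    return bytes(b ^ p for b, p in zip(body, pad))

def build_packet(body, session_id, secret, encrypt=True, seq_no=1):
    """12-byte header plus body; encrypt=False models a cleared checkbox."""
    flags = 0 if encrypt else TAC_PLUS_UNENCRYPTED_FLAG
    header = struct.pack("!BBBBII", VERSION, TYPE_AUTHEN, seq_no, flags,
                         session_id, len(body))
    if encrypt:
        body = xor_body(body, session_id, secret, VERSION, seq_no)
    return header + body

def read_body(packet, secret):
    """Server side: honour the flag, otherwise undo the pad with its secret."""
    version, _, seq_no, flags, session_id, length = struct.unpack("!BBBBII", packet[:12])
    body = packet[12:12 + length]
    if flags & TAC_PLUS_UNENCRYPTED_FLAG:
        return body
    return xor_body(body, session_id, secret, version, seq_no)

if __name__ == "__main__":
    print(build_packet(BODY, SESSION_ID, SECRET, encrypt=False)[12:])
    print(build_packet(BODY, SESSION_ID, SECRET).hex())
```

The pad hides the body only from parties that lack the secret and adds no integrity check, so leave Encrypt Messages selected and use a long secret.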