Kentrox AI232 TACACS+ Configuration

AI232 Version 9.6x User’s Guide

System Configuration: TACACS+ Configuration

4-16

TACACS+ Configuration

TACACS+ authentication verifies user login information against the user’s permission

level on a TACACS+ server. Up to 9 TACACS+ servers are configurable to provide

secure access for an entire AI232 network. AI232 TACACS+ authentication is

available for Telnet, asynchronous, and FTP connections. The following menu items

can be configured for TACACS+ on the AI198 menu system:

zServer Settings

zShell/FTP Options



Note: TACACS+ is not configurable from the AI232 local menu system.

Server Settings

Description

From the AI198 Menu System, the TACACS+ server settings are configured using

four menu items for the primary and secondary server. The configurable values are:

zPrimary/secondary server status—Enables or disables the primary or secondary

server.

zPrimary/secondary server IP address—Defines an IP address for the primary or

secondary server.

zPrimary/secondary server port—Defines the port number for the primary or

secondary server.

zPrimary/secondary server secret—Defines a password for the primary or secondary

server.

Menu Item Types

Toggle for primary/secondary server status

Data for primary/secondary server IP address, server port, and server secret

Configuration in the AI198 Menu System

To configure the TACACS+ server settings:

1. Access Menu 4.2.14-2.4.

2. For 01*Primary Server Status, enter 1 to select ENABLED or DISABLED. The default is

DISABLED.

3. For 02 Primary Server IP Address, enter 2, and the IP address. The default is

0.0.0.0.

4. For 03 Primary Server Port, enter 3, and the port number. The default is 49.

Contents

Main Page Page Document Conventions Page Cautions and Warnings Electrostatic Discharge Caution Ground Caution Proper Cooling Caution FCC Warning Customer Assistance Web Site Support Email Support Phone Support Kentrox Product Documentation Table of Contents Chapter 1: Product Description ..............................................................1-1 Chapter 2: Using the AI198 Menu System ............................................. 2-1 Chapter 3: AI232 Local Menu System ....................................................3-1 Chapter 4: System Configuration ...........................................................4-1 Chapter 5: Link Configuration ................................................................5-1 Chapter 7: Alias and Call Routing Configuration ....................................7-1 Chapter 8: AI232 Commands .................................................................8-1 Page Appendix A: AI232 Crash Codes .......................................................... A-1 Appendix B: Standalone Mode and Switch Mode ................................. B-1 Appendix C: Commands for AI232 TACACS+ Server Enhancements .. C-1 Product Description Features Standalone Configuration System Diagnostics AI232 Hardware Components Front Panel Components Technical Specifications Distribution Panels Model DP232-19/23 Page AI232 Version 9.6x Users Guide Product Description: Distribution Panels WWW.AIINET.COM (AI180 Chassis) Model DP232-RJ45 Figure 1-4 DP232-RJ45 Distribution Panel - - Cable: CAB467 (4 places) DP232-19/23 Page Installation Procedure Figure 1-6 Typical Installation Typical Applications Asynchronous to TCP/IP Application AI 2 9 6 AI Modem Multiplexer Application Page Using the AI198 Menu System: Accessing the Menu System Accessing the Menu System Navigating the Menu System Menu Numbering Structure Types of Menu Items Submenus Toggles Data Functions Page AI232 Local Menu System Identifying AI232 Menu System Security Options Multilevel User Name and Password Security RADIUS Authentication TACACS+ Authentication PPP Authentication Protocols (PAP and CHAP) Logging Into AI232 Using a Telnet Connection for Login Using an Asynchronous Port for Login Page Accessing the Local Menu System Navigating the Local Menu System Identifying Types of Menu Items Data Entry Items Toggle Items Accessing the Help Menu Exiting the Local Menu System Page System Configuration General System Properties Configuration Destination Menu Break Sequence Page Ethernet Port Settings FTP Port IP Settings Page System Prompt TCP Settings Telnet Port System Configuration: General System Properties Configuration This example displays Telnet Port set to 55. RADIUS Configuration Server Settings Page Shell/FTP Options System Configuration: RADIUS Configuration This example displays the shell RAS option set to RADIUS/Fallback. TACACS+ Configuration Server Settings Shell/FTP Options System Configuration: TACACS+ Configuration This example displays 09*Shell/FTP TACACS Option set to LOCAL FALLBACK. SNMP Configuration Authentication Traps Community Names Page Contact Persons Node Information SNMP Manager Page Static Route Configuration IP Address Settings TID to Modem Mux Configuration Inactivity Timeout Initialization String Port Bit Settings TID to Route Page Time Configuration Daylight Savings Time SNTP Settings Time Zone Page Link Configuration AI232 Link Types Asynchronous Asynchronous PPP Modem Multiplexer Connect Options Configuration Alias Call Retry Interval Connect String Page Connection Settings Page Link Application Page Disconnect Options Configuration Disconnect Inactivity Timer Settings Page Disconnect Settings Disconnect String Link Configuration: Disconnect Options Configuration This example displays 07 Disconnect string set to <b>newString<33><p 15><b>. General Link Properties Configuration Auto Disable Error Limit Flow Control Async, AsyncPPP, and ModMux Link Description This menu item defines a description for a link. Data Link Number Link State Link Type Port Data Bits This example displays Port data bits set to Seven. Port Parity Toggle Async and AsyncPPP Port Speed Menu 4.2.14.12.5 appears. Port Stop Bits Xon Repeat Interval This example displays 10 Xon Repeat interval set to 30. General PPP Properties Configuration IPCP Address Settings Page Maximum Unit Settings Network Control Protocol Page Modem Option Configuration Modem String Dialing Time-out Interval Number of Dial Attempts Link Configuration: Modem Option Configuration This example displays Number of dial attempts set to 15. PPP Authentication Configuration Local Authentication Settings Page RAS Option Page Remote Authentication Settings Page RTS/DTR Lead Control Configuration DTR State Configuration RTS State Configuration Page Link Configuration: RTS/DTR Lead Control Configuration This example displays RTS connect state set to FlowControl and RTS disconnect state set to Toggle. Page Overview Page TID Multiplexing Configuration Configuring the Parent Alias Page Page Configuring the Children Aliases Page Page Example Configurations This example displays the parent alias configuration in the AI198 menu system. This example displays the parent alias configuration in the AI232 menu system. Note: To configure aliases in the AI232 local menu system, AI232 must be in standalone mode. These examples display two of the child alias configurations in the AI198 menu system. These examples display two of the child alias configurations in the AI232 menu system. Note: To configure aliases in the AI232 local menu system, AI232 must be in standalone mode. TID Multiplexing Troubleshooting RTRV-HDR Normal Response Format Normal Response Example Error Response Format Error Response Example Diagnostics for TID Multiplexing Page Page Overview Page Call Routing Configuring an Alias Configuring an Alias in the AI198 Menu System Page Page Configuring an Alias in the AI232 Menu System Page Source/Destination Protocol Tables Source/Destination Protocol Tables for the AI198 Menu System Page Source/Destination Protocol Tables for the AI232 Menu System Page Protocol Processing Modules Module Types PKT Page TL1 TN ASY STT Alias Macros Alias Macro Components Start Symbols Comments Constants Varia bles Wildcard Symbols Operators Functions Page Alias Macro Configuration Configuration Examples Page Page Page Commands Overview Shell Commands Shell Connections Establishing a Local Shell Connection Establishing a Remote Shell Connection Using winslc Commands Log/Alarm Message Header Page aaa account aaa authen aaa author aaa chpass aaa fallback aaa ppp authen aaa profile AI232 Commands: aaa profile aaa retry aaa stats Page aaa summary Page aaa timeout alarm AI232 Commands: alarm This example displays a list of the alarm groups and the overall alarm severity. This example displays all system alarms in group links. AI232 Commands: alarm This example displays alarms for links 5-8 in group links. This example displays all alarms by severity level. This example displays all alarms that have a severity level between 4 and 7. Page arp Page Page break Page creset date debug AI232 Commands: debug This example displays the enabling of all debug data logging. delete diag-conn Page diag-eth Page Page Page This example displays Ethernet diagnostic help information. This example displays the help associated with the Ethernet diagnostic filter command. This example displays the diagnostic Ethernet display when the following parameters are entered: This example displays the diagnostic Ethernet display when the following is entered: zfilter add src 00:40:72:00:d2:d9 to configure a filter with source MAC address 00:40:72:00:d2:d9 zfilter add dst 00:40:72:00:d2:d9 to configure a filter with destination MAC address 00:40:72:00:d2:d9 This example displays the diagnostic Ethernet display when the following is entered: Page diag-info Page Page Page Page Page Page Page diag-line Page Page diag-tconn dir exit AI232 Commands: head head This command displays the first few lines of a file. This example displays the first 30 lines of file core.txt. ] head [ -n help id ip ip init AI232 Commands: ip init This example displays the configuration of all the IP settings available with this command: link Page log logout ls menu modmux Page AI232 Commands: more more This command prints the content of a file to the current shell session one page at a time. more This example displays the contents of file log.txt one page at a time. panic passwd ping pppstatus Page profile Page pvclist Page reset AI232 Commands: router router router winslc ip_address ip_address Usage Notes selcnf AI232 Commands: sholog sholog This example displays the contents of an AI232 log file one page at a time. Note: This command has the same functionality as command show log. sholog -p -p Displays the content of the file one page at a time. show Page staeia Page standalone staslc Page syncflash tacacs info tacacs server tacacs server ip tacacs server phase AI232 Commands: tacacs server phase This example displays the disabling of the accounting phase for servers 1 to 5 and 8. tacacs server port tacacs server secret tacacs server summary Page tacacs sholog tacacs stats Page AI232 Commands: tail tail This command displays the last few lines of a file. This example displays the last 20 lines of file log.txt. tail [ -n ] tcpoutconn telnet tftp Page tftpboot AI232 Commands: tftpboot This example displays the result of a card booting when no BOOTP or TFTP server is on the net. This example displays the result of a reboot with a successful BOOTP/TFTP session: timezone Page AI232 Commands: type type This command displays the text of any file other than a code image or configuration file. This example displays the first page of contents for file log.txt. type [ -p ] Note: This command has the same functionality as command cat. update uptime useradd Page userdel users who xon-interval Page Crash Codes Common Crash Codes AI232 Crash Codes System Failure Crash Reports Kentrox Technical Support Page Page Standalone Mode Downloading Software for a Standalone AI232 Configuring BOOTP/TFTP Switch Mode Downloading Software for AI232 in Switch Mode Page Page C AI232 Commands The following keyword lets users access destinations: names can be used as arguments. For example, { AI232 Menu Aliases Page Acronyms and Abbreviations