Kentrox AI296 TACACS+ Configuration

AI296 Version 9.8x User’s Guide

System Configuration: TACACS+ Configuration

4-18

TACACS+ Configuration

TACACS+ authentication verifies user login information against the user’s permission

level on a TACACS+ server. Up to 9 TACACS+ servers are configurable to provide

secure access for an entire AI296 network. AI296 TACACS+ authentication is

available for Telnet, asynchronous, asynchronous PPP, and FTP connections. The

following menu items can be configured for TACACS+ on the AI198 menu system:

zServer Settings

zShell/FTP Options



Note: TACACS+ is not configurable from the AI296 local menu system. For

information on configuring TACACS+ when logged into AI296, refer to shell

commands aaa on page 9-6, tacacs on page 9-96, and tacacs server on page

9-99.

Server Settings

Description

From the AI198 Menu System, the TACACS+ server settings are configured using

four menu items for the primary and secondary server. The configurable values are:

zPrimary/secondary server status—Enables or disables the primary or secondary

server.

zPrimary/secondary server IP address—Defines an IP address for the primary or

secondary server.

zPrimary/secondary server port—Defines the port number for the primary or

secondary server.

zPrimary/secondary server secret—Defines a password for the primary or secondary

server.

Menu Item Types

Toggle for primary/secondary server status

Data for primary/secondary server IP address, server port, and server secret

Configuration in the AI198 Menu System

To configure the TACACS+ server settings:

1. Access Menu 4.2.11-2.4.

2. For 01*Primary Server Status, enter 1 to select ENABLED or DISABLED. The default is

DISABLED.

Contents

Main Page About this Document Document Conventions Page Cautions and Warnings Electrostatic Discharge Caution Ground Caution Proper Cooling Caution FCC Warning Customer Assistance Web Site Support Email Support Phone Support Kentrox Product Documentation Table of Contents Chapter 1: Product Description ..............................................................1-1 Chapter 2: Using the AI198TM Menu System ........................................2-1 Chapter 3: AI296 Local Menu System ....................................................3-1 Chapter 4: System Configuration ...........................................................4-1 Chapter 5: IP Over X.25 Subnet Configuration ......................................5-1 Chapter 6: Link Configuration ................................................................6-1 Page Chapter 8: Alias and Call Routing Configuration ....................................8-1 Chapter 9: AI296 Commands .................................................................9-1 Appendix A: AI296 System Codes ........................................................ A-1 Appendix B: Standalone Mode and Switch Mode ................................. B-1 Appendix C: Commands for AI296 TACACS+ Server Enhancements .. C-1 Product Description Features Page System Diagnostics TID Multiplexing AI296 Hardware Components Front Panel Components Technical Specifications Individual Port Access CAB257 Cable DP196 Distribution Panel DB-25 Connectors RJ45 10BaseT Connectors Pin 1 Pin 8 Typical Applications Asynchronous to TCP/IP Application IP Over X.25 Networks Page AI296 Version 9.8x Users Guide Product Description: Typical Applications Mixed Asynchronous and X.25 Networks IRB Figure 1-7 Mixed Asynchronous and X.25 Network Page X.25 to TCP/IP Application Product Description: Typical Applications X.25 Trunking Figure 1-9 illustrates a common X.25 trunking application. Figure 1-9 X.25 Trunking Page Using the AI198TM Menu System Using the AI198TM Menu System: Accessing the Menu System Accessing the Menu System Navigating the Menu System Menu Numbering Structure Types of Menu Items Submenus Toggles Data Functions Page AI296 Local Menu System Identifying AI296 Menu System Security Options Multilevel User Name and Password Security RADIUS Authentication TACACS+ Authentication PPP Authentication Protocols (PAP and CHAP) Logging Into AI296 Using a Telnet Connection for Login Using an Asynchronous Port for Login Page Accessing the Local Menu System Navigating the Local Menu System Identifying Types of Menu Items Data Entry Items Toggle Items Accessing the Help Menu Exiting the Local Menu System System Configuration General System Properties Configuration Destination Menu Break Sequence Format Page Ethernet Port Settings FTP Port IP Settings Page Passive Link Settings Page System Prompt TCP Settings Telnet Port System Configuration: General System Properties Configuration This example displays Telnet Port set to 55. RADIUS Configuration Server Settings Page Shell/FTP Options System Configuration: RADIUS Configuration This example displays the shell RAS option set to RADIUS/Fallback. TACACS+ Configuration Server Settings Shell/FTP Options System Configuration: TACACS+ Configuration 2. For 09*Shell/FTP TACACS Option , enter 9 to select ENABLED, DISABLED , or This example displays 09*Shell/FTP TACACS Option set to LOCAL FALLBACK. SNMP Configuration Authentication Traps Community Names Page Contact Persons Node Information SNMP Manager Page Static Route Configuration IP Address Settings TID to Modem Mux Configuration Inactivity Timeout Initialization String Port Bit Settings TID to Route Page Time Configuration Daylight Savings Time SNTP Settings Page Time Zone Page Configuration Overview Before Configuration Local Settings Local IP Address for this Subnet Local IP Subnet Mask Local X.25 Link Number Remote Settings Remote IP Address for this Subnet Remote X.121 Address Page Link Configuration AI296 Link Types Asynchronous Asynchronous PPP HDLC-Bridge MLT Synchronous PPP X.25 BX.25 Configuration BX.25 Configuration Values Usage BX.25 Modulo BX.25 Support BX.25 Timer Settings Link Configuration: BX.25 Configuration This example displays 05 Connect Timer ST2 set to 33 and 06 Send Timer ST3 set to 45. Connect Options Configuration Alias Call Retry Interval Connect String Page Connection Settings Page Link Application Page Disconnect Options Configuration Disconnect Inactivity Timer Settings Page Disconnect Settings Disconnect String Link Configuration: Disconnect Options Configuration This example displays 07 Disconnect string set to <b>newString<33><p 15><b>. General Link Properties Configuration Auto Disable Error Limit Flow Control Hardware Interface (Interface Type) Page Page Link Description Link Mode Link Number Link State Link Type Passive Link with Clocking Port Data Bits Port Parity Port Speed Page Port Stop Bits Link Configuration: General Link Properties Configuration Sync Port Encoding This menu item sets the binary encoding on a port. Toggle MLT Xon Repeat Interval Link Configuration: General Link Properties Configuration This example displays 10 Xon Repeat interval set to 30. General PPP Properties Configuration IPCP Address Settings Page Maximum Unit Settings Network Control Protocol Page LAPB Parameters Configuration Frame Settings Page LAPB Timer Settings N2 Retry Counter Page Modem Option Configuration Modem String Dialing Time-out Interval Number of Dial Attempts Link Configuration: Modem Option Configuration This example displays Number of dial attempts set to 15. PPP Authentication Configuration Local Authentication Settings Page RAS Option Page Remote Authentication Settings Page Quick X.25 Configuration Frame Settings Page Number of PVCs Packet Settings Passive Link Settings Port Speed SVC Settings X.121 Local Address Link Configuration: Quick X.25 Configuration This example displays X121 Local Address set to 59274. RTS/DTR Lead Control Configuration DTR State Configuration RTS State Configuration Page Link Configuration: RTS/DTR Lead Control Configuration This example displays RTS connect state set to FlowControl and RTS disconnect state set to Toggle. X.25 Parameters Configuration Maximum Packet Size Packet Window Size Link Configuration: X.25 Parameters Configuration This example displays Packet Window Size set to 6. Protocol Version This menu item defines the protocol version (year) for the current link. Toggle X.25 X.25 Counter Settings Page X.25 Facilities Negotiation X.25 Timer Settings Page Page X.121 Local Address Virtual Circuit Configuration Number of PVCs PVC Configuration Settings Page Page Page SVC Configuration Settings Page Page Page Overview Page TID Multiplexing Configuration Configuring the Parent Alias Page Page Configuring the Children Aliases Page Page Example Configurations Page This example displays the parent alias configuration in the AI296 menu system. Note: To configure aliases in the AI296 local menu system, AI296 must be in standalone mode. These examples display two of the child alias configurations in the AI198 menu system. These examples display two of the child alias configurations in the AI296 menu system. Note: To configure aliases in the AI296 local menu system, AI296 must be in standalone mode. TID Multiplexing Troubleshooting RTRV-HDR Format Normal Response Format Normal Response Example Error Response Format Error Response Example Diagnostics for TID Multiplexing Page Page Overview Page Alias and Call Routing Configuration: Overview This is an example configuration in the AI198 menu system for AI296 B: Call Routing Configuring an Alias in the AI198 Menu System Page Configuring an Alias in the AI296 Menu System Page Arranging Aliases in the Alias Table Configuring an Alias with X.25 Keep-Alive Page Source/Destination Protocol Tables Source/Destination Protocol Tables for the AI198 Menu System Page Page Page Page Page Page Page Source/Destination Protocol Tables for the AI296 Menu System Page Page Page Page Page Page Page Page Protocol Processing Modules Module Types AEP AEPN AEPX ASY BX25NM BX25S ETER XXX PAD PKT RBP TL1 Page TN Module Properties Module Arguments Page Alias Macros Alias Macro Components Start Symbols Comments Constants Varia bles Wildcard Symbols Operators Functions Page Alias Macro Configuration Configuration Examples Page Alias Configuration Examples SVC to SVC Connection This example displays the menu items used to configure the SVC to SVC connection: SVC to PVC Connection Figure 8-3 SVC to PVC Connection Diagram This example displays the menu items used to configure an SVC to PVC connection: PVC to SVC Connection Figure 8-4 PVC to SVC Connection Diagram This example displays the menu items used to configure a PVC to SVC connection. MLT Route Figure 8-5 MLT Call Routing Example Page Link-to-Link Call Routing Page Page Commands Overview Shell Commands Shell Connections Establishing a Local Shell Connection Establishing a Remote Shell Connection winslc Commands Displaying winslc Command Logging Using winslc Commands Log/Alarm Message Header Page aaa Page Page Page Command Defaults AI296 Commands: aaa This example displays a summary of all authentication, authorization, and accounting settings. This example displays all AAA specific counters and statistics. This example displays a successful password change on a TACACS+ server. alarm Page AI296 Commands: alarm This example displays all system alarms in group links. This example displays alarms for links 5-8 in group links. This example displays all alarms by severity level. AI296 Commands: alarm This example displays all alarms that have a severity level between 4 and 7. arp Page Page break Page AI296 Commands: bridge bridge This command dumps a list of all the addresses in the bridge table or clears the bridge table. This example displays the dumping of the bridge table. bridge { dump | clear } dump Dumps a list of all the addresses in the bridge table. clear Clears the bridge table. creset date debug AI296 Commands: debug This example displays the enabling of all debug data logging. delete diag-conn Page diag-eth Page Page Page This example displays Ethernet diagnostic help information. This example displays the help associated with the Ethernet diagnostic filter command. This example displays the diagnostic Ethernet display when the following parameters are entered: This example displays the diagnostic Ethernet display when the following is entered: zfilter add src 00:40:72:00:d2:d9 to configure a filter with source MAC address 00:40:72:00:d2:d9 zfilter add dst 00:40:72:00:d2:d9 to configure a filter with destination MAC address 00:40:72:00:d2:d9 This example displays the diagnostic Ethernet display when the following is entered: Page diag-info Page Page Page Page Page Page Page Page diag-line Page Page diag-tconn dir exit AI296 Commands: head head This command displays the first few lines of a file. This example displays the first 30 lines of file core.txt. ] head [ -n help AI296 Commands: help This example displays help information for command show. id ip ip init AI296 Commands: ip init This example displays the configuration of all the IP settings available with this command: link AI296 Commands: link linkstat AI296 Commands: linkstat This example displays the link statistic information for AI296. AI296 Commands: linkstat This example displays link statistic information for the device at baseport 64. log logout ls menu AI296 Commands: more more This command prints the content of a file to the current shell session one page at a time. more This example displays the contents of file log.txt one page at a time. pad Page panic passwd ping pppstatus Page profile Page pvcedit Page pvclist Page reset rz selcnf AI296 Commands: sholog sholog This example displays the contents of an AI296 log file one page at a time. Note: This command has the same functionality as command show log. sholog -p -p Displays the content of the file one page at a time. show This command displays various types of information for AI296. baseport link_range Page AI296 Commands: show This example displays the link numbers, link types, and descriptions for ports 13-16. staeia Page standalone staslc Page syncflash sz tacacs Page Page tacacs server Page Command Defaults Page AI296 Commands: tail tail This command displays the last few lines of a file. This example displays the last 10 lines of file userlog.txt. tail [ -n ] tcpoutconn tftp Page Page tftpboot AI296 Commands: tftpboot This example displays the result of a card booting when no BOOTP or TFTP server is on the net. This example displays the result of a reboot with a successful BOOTP/TFTP session: timezone Page trace Page traceroute AI296 Commands: type type This command displays the text of any file other than a code image or configuration file. This example displays the first page of contents for file log.txt. type [ -p ] Note: This command has the same functionality as command cat. update uptime useradd Page userdel users who xvc Page Page X.25 Cause Codes and Diagnostic Codes Standard Reset Indication Cause Codes Kentrox-Specific Reset Indication Cause Codes Standard Clear Indication Cause Codes Standard ISO Diagnostic Codes CCITT Diagnostic Codes Page Page Kentrox-Specific Diagnostic Codes Crash Codes Common Crash Codes AI296 Crash Codes System Failure Crash Reports Kentrox Technical Support Page Page Standalone Mode Downloading Software for a Standalone AI296 Configuring BOOTP/TFTP Switch Mode Downloading Software for AI296 in Switch Mode Page Page C AI296 Commands The following keyword lets users access destinations: names can be used as arguments. For example, { AI296 Menu Aliases