9-8 Firmware User Guide
TACACS+ server authentication
Netopia Firmware Version 8.4 supports TACACS+ server authentication. Its application to a Netopia Router is to control access to the Router’s management interface, and to audit commands submitted by a user.
TACACS (Terminal Access Controller Access Control System) protocol provides access control for Netopia Routers via a centralized server. TACACS+ provides separate authentication, authorization and accounting services.
TACACS allows a client to accept a username and password and query a TACACS authentication server.
Advanced Security Options |
| |
| + | |
| + | |
Remote Authentication... | RADIUS | |
Security Databases... | TACACS+ | |
Remote Server Addr/Name: | + | |
Remote Server Secret: |
|
|
Alt Remote Server Addr/Name: |
|
|
Alt Remote Server Secret: |
|
|
TACACS+ Accounting: | Yes |
|
Remote Access Privileges... | Custom |
|
Telnet Server Port: | 23 |
|
Device Web Server via LAN only: | Yes |
|
LAN (Ethernet) IP Filter Set...
Remove Filter Set
Configuration is similar to RADIUS server configuration. An additional toggle option TACACS+ Accounting allows you to enable or disable the TACACS+ Accounting services feature.
Note: If the user is authenticated by a TACACS+ server, and TACACS+ Accounting is enabled, the session is switched into Command Line Interface (CLI) mode (see the Command Line Interface Commands Reference) and cannot be switched to console mode. If TACACS+ Accounting is enabled on the Netopia Router, each command is sent to the TACACS+ server in a TACACS+ Accounting transaction. The CLI command is then executed, regardless of the return code from the server.
User access password
Users must be able to change their names and passwords, regardless of other security access restrictions.
If a user does not have security access, then they will only be able to modify the password for their account.
When a
