Manuals / RuggedCom / Computer Equipment / Switch

RuggedCom RS400 manual Tacacs+, TACACS+ Server Configuration

Models: RS400

1 275

Download 275 pages 11.85 Kb

Page 46

Administration

1.13 TACACS+

TACACS+ (Terminal Access Controller Access-Control System Plus) is a TCP-based access control protocol that provides authentication, authorization and accounting services to routers, network access servers and other networked computing devices via one or more centralized servers. It is based on, but is not compatible with, the older TACACS protocol. TACACS+ has generally replaced its predecessor in more recently built or updated networks, although TACACS and XTACACS are still used on many older networks. Note that RuggedCom’s TACACS+ client implementation always has encryption enabled.

1.13.1 User Login Authentication and Authorization

A TACACS+ server can be used to authenticate and authorize access to the device’s services, such as HMI via Serial Console, Telnet, SSH, RSH, Web Server (see Password Configuration). Username and Password are sent to the configured TACACS+ Server.

Two TACACS+ servers (Primary and Secondary) are configurable per device. If the Primary Server is not reachable, the device will automatically fall back to the Secondary server to complete the authorization process.

•The TACACS+ standard priv_lvl attribute will be used to grant access to the device: priv_lvl=15 represents an access level of “admin”

1 < priv_lvl < 15 represents an access level of “operator” (i.e. any value from 2 to 14) priv_lvl=1 represents an access level of “guest”

Note: If no access level is received in the response packet from the server then no access will be granted to the user

1.13.2 TACACS+ Server Configuration

Figure 22: TACACS+ Server summary

ROS™ v3.5

46

RS400

Image 46

RuggedCom RS400 manual Tacacs+, TACACS+ Server Configuration

Contents

Rugged Operating System ROS V3.5 User Guide Disclaimer of liability WarrantyCopyright Registered Trademarks Table Of Contents DNP 109 Igmp 221 Page Table Of Figures WIN and TIN Form 160 Port Lldp Parameters Form 216 How Chapters are organized Supported PlatformsWho Should Use This User Guide Document Conventions Applicable Firmware Revision Firmware/User Guide Version Numbering System Administration Using the RS232 Port to Access the User InterfaceROS User Interface Making Configuration Changes Structure of the User Interface ROS Secure Shell Server Using a Web Browser to Access the Web Interface ROS Web Server Interface Log in to The Device with a Web Browser ROS RS400 Structure of the Web Interface Main Menu via Web Server Interface Updating Statistics Displays Parameters Form Example Administration Menu Administration Menu IP Interfaces IP Interfaces Table Mgmt TypeIP Address Type IP Address Synopsis ###.###.###.### where ### ranges from 0 to DefaultSubnet Destination IP GatewaysGateway Telnet Sessions Allowed IP ServicesInactivity Timeout Web Server Users Allowed ModBus Address Synopsis 1 to 254 or Disabled Default DisabledSynopsis Disabled, Enabled Default Enabled SSH Sessions Allowed System Name Login BannerSystem Identification Location Synopsis Local, Radius Default Local PasswordsAuth Type Operator Password Administration Guest UsernameGuest Password Admin Username Date Time and DateTime Time Zone Synopsis 1 to Default 60 min Default UTC-000 Lisbon, LondonNTP Update Period NTP Server Address Snmp Management Snmp Users Priv Protocol NameAuth Protocol Auth Key Snmp Security to Group Maps Administration Priv KeySynopsis snmpV1, snmpV2c, snmpV3 Default snmpV3 SecurityModel Synopsis Any 32 characters Default Snmp AccessGroup ReadViewName Synopsis noView, V1Mib, allOfMib Default noViewSecurityLevel WriteViewName Administration NotifyViewName User Login Authentication and Authorization Radius overview Vendor Synopsis ###.###.###.### where ### ranges from 0 to Radius Server ConfigurationDefault Primary Server Auth UDP Port TACACS+ Server Configuration TACACS+ Auth TCP Port TACACS+ Server Form Dhcp Relay Agent N/A for RMC30 Dhcp Server Address Default Debugging Configuring Local SyslogAdministration Dhcp Client Ports Syslog Synopsis 1025 to 65535 or Default Configuring Remote Syslog ClientConfiguring Remote Syslog Server UDP Port Facility Severity Troubleshooting Problem One Serial Protocols Overview 1 ‘Raw Socket’ protocol features2 ‘Preemptive Raw Socket’ protocol features Serial Protocols 5 ‘Microlok’ protocol features 3 ‘Modbus’ protocol features4 ‘DNP’ protocol features 6 ‘WIN’ protocol features Serial Protocols Operation RTU Polling Broadcast RTU Polling Broadcast RTU Polling Preemptive Raw Socket Permanent and Dynamic Master Connection Support Use of Port Redirectors Message Packetization Modbus Server and Client Applications TCPModbus Performance Determinants RTU Use of Turnaround Delay Worked Example DNP 3.0, Microlok, TIN and WIN Applications Concept of Links Address Learning Address Learning for TIN Address Learning for DNP Broadcast Messages DNP Broadcast Messages TIN Broadcast Messages Transport for Raw Socket Use of Differentiated Services Code Point DscpTransport Protocols Transport for Protocols with Defined Links Force Half Duplex Mode of Operation Optical loop topology Serial Protocol Configuration and Statistics Serial Protocols Menu Serial Ports Serial Ports Table Protocol Pack TimerSerial Protocols Port ForceHD Default 0 ms Raw Socket Flow Control Pack CharTransport Loc Port Call DirMax Conns Rem Port Preemptive Raw Socket Preemptive Raw Socket Table Dyn Pack Timer Synopsis 3 to Default 10 msDyn Pack Char Modbus Server Serial Protocols TimeoutSynopsis 10 to Default 10 s Synopsis 1 to maximum port number Auxiliary TCP Port Response TimerModbus Client Send Exceptions WIN and TIN Serial Protocols Forward Exceptions Address Aging Timer Serial Protocols TIN ModeMessage Aging Timer TIN Transport MicroLok WIN Dscp 8 DNP Synopsis TCP, UDP Default TCPLearning Serial Protocols Aging Timer Mirrored Bits Mirrored Bits Form Device Addresses Device Address Table Remote IP Addr Synopsis Any 31 characters DefaultAddress Synopsis 1 to maximum port number or Unknown Synopsis Any 16 characters Default Default UnknownDynamic Device Addresses Links Statistics Aging Time Connection Statistics Serial Port Statistics Framing Errors Packet ErrorsParity Errors Overrun Errors Resetting Serial Ports Clearing Serial Port Statistics Problem Three Problem TwoProblem Four Page Controller Protection Through Link-Fault-Indication LFI Ethernet Ports Ethernet Ports Ethernet Ports Configuration and Status Ethernet Ports Menu Port Parameters Port Parameters Table AutoN MediaState Speed Link Alarms LFI Port Rate Limiting Port Rate Limiting Table Ingress Limit Port MirroringPort Mirroring Limitations Ingress Frames Source Port Synopsis Disabled, Enabled Default DisabledPort Mirroring Target Port Link Detection Options Synopsis Off, On, OnwithPortGuard Default OnwithPortGuardFast Link Detection PoE Parameters when applicable Negative impact on overall system responsiveness Class AdminPowered Pwr Limit EoVDSL Parameters when applicable Ethernet Ports Current ROS 106 RS400 Mode Set Rate DS/US Link Rate DS/US Port StatusLink SNR Mrgn Ethernet Ports Name Resetting PortsDuplex Page Ethernet Statistics Ethernet Statistics InOctets Viewing Ethernet StatisticsSynopsis ----, Down, Up OutOctets Ethernet Statistics InPkts ErrorPktsOutPkts Viewing Ethernet Port Statistics Ethernet Port Statistics Table Ethernet Port Statistics Form TotalInOctets CRCAlignErrorsEthernet Statistics InOctets TotalInPkts LateCollisions JabbersCollisions Pkt64Octets UndersizePkts Ethernet Statistics OutMulticastsOutBroadcasts OutUcastPkts Clearing Ethernet Port Statistics Clear Ethernet Port Statistics Form Remote Monitoring Rmon Rmon History Controls Granted Buckets IndexRequested Buckets Interval Rmon History Samples Synopsis Any 127 characters Default MonitorEthernet Statistics Owner StartTime SampleSynopsis Dddd days, Hhmmss Number of good Broadcast packets received Rmon Alarms Utilization ROS 126 RS400 Variable Rising Thr Value Startup AlarmFalling Thr Rising Event Rmon Events Rmon Events Table Community Synopsis none, log, snmpTrap, logAndTrap Default logAndTrapSynopsis Any 31 characters Default public Last Time Sent Rmon Event Log Rmon Event Log Table LogDescription LogLogTime Synopsis Any 49 characters Rstp Operation Spanning Tree Rstp States and Roles State Role Bridge and Port Roles Path and Port Costs Edge PortsPoint-to-Point and Multipoint Links How Port Costs Are Generated STP vs. Rstp Costs Bridge Diameter Mstp Operation MST Regions and Interoperability Cist Regional Root Mstp Bridge and Port Roles 5.2.2.1 Bridge RolesCist Root Msti Regional Root Msti Port Roles Port RolesCist Port Roles Boundary Ports Load Balancing Isolation of Spanning Tree ReconfigurationBenefits of Mstp Mstp versus Pvst Implementing Mstp on a Bridged Network Select the design parameters for the network Rstp in Structured Wiring ConfigurationsRstp Applications Identify required legacy support Identify desired steady state topology Rstp in Ring Backbone ConfigurationsChoose the root bridge and backup root bridge carefully Decide upon port cost calculation strategy Choose the root bridge Rstp Port RedundancyIdentify edge ports Assign bridge priorities to the ring Spanning Tree Configuration Spanning Tree Menu Version Support Synopsis STP, RSTP, Mstp Default RstpBridge Rstp Parameters ERSTP Enhancements Hello Time Forward DelayBridge Priority Max Age Time Bpdu Guard Timeout Synopsis STP 16 bit, Rstp 32 bit Default STP 16 bitCost Style Port Rstp Parameters Ports STP Cost Spanning Tree EnabledPriority Rstp Cost Spanning Tree Revision Level Synopsis Any 32 characters Default 00-0A-DC-00-41-74MST Region Identifier Digest Bridge Msti Parameters Instance ID Port Msti Parameters Port Msti Parameter Table Ports Bridge Status Spanning Tree StatisticsBridge Rstp Statistics Bridge ID Learned Forward Delay Configured Hello TimeConfigured Forward Delay Configured Max Age Port Rstp Statistics Port Rstp Statistics Table Status Role Cost RX ConfigsTX Configs RX RSTs Bridge Msti Statistics Bridge Msti Statistics Table Port Msti Statistics Port Msti Statistics Table Port Msti Statistics Form Spanning Tree Role Troubleshooting Problem Six Problem FiveProblem Seven Problem Eight Problem Nine Tagged vs. Untagged Frames Vlan OperationVLANs and Tags Native Vlan Trunk Type Edge and Trunk Port TypesEdge Type Vlan Ingress and Egress Rules Forbidden Ports List Egress RulesVLAN-aware and VLAN-unaware operation modes Gvrp Generic Vlan Registration Protocol Edge Switch QinQ not supported in RS400 and RS8000/RS1600 families ROS 174 RS400 Vlan Applications Traffic Domain Isolation Administrative Convenience Reduced Hardware Global Vlan Parameters Vlan ConfigurationSynopsis No, Yes Default Yes VLAN-aware Static VLANs VID Vlan Name Synopsis Any 19 characters DefaultForbidden Ports Port Vlan Parameters Port Vlan Parameters Table Synopsis Adv&Learn, Adv Only, Disabled Default Disabled Synopsis Edge, Trunk Default EdgeSynopsis Untagged, Tagged Default Untagged VLANs Ports Implicit Vlan SummaryExplicit Dynamic Don’t need VLANs at all. How do I turn them off? Page Classes of Service Inspection PhaseCoS Operation Forwarding Phase Determining The CoS Of a Received Frame Synopsis 8421, Strict Default CoS ConfigurationCoS Weighting Global CoS Parameters Port CoS Parameters Port CoS Parameter Table Priority to CoS Mapping Default CoSSynopsis Normal, Medium, High, Crit Default Normal Inspect TOS CoS Priority to CoS Mapping Form Dscp to CoS Mapping TOS Dscp to CoS Mapping Table CoS Access Priorities RS8000 and RS1600 families only CoS Access Priorities Table Normal Access Priority Crit Access PriorityPage Router and Host Igmp Operation IgmpMulticast Filtering Switch Igmp Operation Active Mode Igmp Snooping Rules Passive ModeIgmp and Rstp Combined Router and Switch Igmp Operation Processing Joins Processing Leaves Multicast Filtering Configuration and Status Configuring Igmp Parameters Router Ports Multicast Filtering ModeQuery Interval Router Forwarding Synopsis ##-##-##-##-##-## where ## ranges 0 to FF Default Configuring Static Multicast GroupsMAC Address Viewing IP Multicast Groups Synopsis ##-##-##-##-##-## where ## ranges 0 to FFJoined Ports Troubleshooting Problem Six Page MAC Address Tables MAC Address Tables Synopsis Static, Dynamic Viewing MAC AddressesSynopsis 0 to 65535 or Multi, Local Synopsis Normal, Medium, High, Crit Synopsis 15 to Default 300 s Configuring MAC Address Learning OptionsConfiguring Static MAC Address Table Age Upon Link Loss MAC address that is to be statically configured Purging MAC Address Table Page Lldp Operation Network Discovery Network Discovery Menu Network Discovery Menu Global Lldp Parameters Reinit DelayTx Delay Tx Interval Port Lldp Parameters Port Lldp Parameters Table Lldp Global Remote Statistics Lldp Neighbor Information Lldp Statistics Page Remote Dial-in For Monitoring PPP over Modem OperationPPP over Modem Router Concentration Router Concentration Using Chap 11.1.4 PAP/CHAP Authentication 11.1.4.1 Users ProfilesUsing PAP Assigning IP Addresses For PPP Static Routes PPP Configuration PPP Configuration Menu Synopsis Any 48 characters Default Modem SettingsAT Commands Country Code Local IP Address PPP ControlPPP Status Remote IP Address Synopsis Any 15 characters Default Synopsis Any 15 characters Default ServerOutgoing PAP Password PPP over Modem Server Name PPP Users User Name Remote Net PPP over Modem PasswordSynopsis Any 9 characters Default Remote Subnet Modem Speed PPP StatisticsCurrent Status Synopsis 0 to 2147483647 bps or Offline PPP over Modem Tx LCP Packets AuthenticationConnected User Resetting PPP Clearing PPP Statistics Can connect to the server, but I can’t ping or telnet to it Am having performance problems Page Using the Alarm System Diagnostics Alarms and the Critical Failure Relay Active AlarmsPassive Alarms Viewing and Clearing Alarms Synopsis MMM DD Hhmm Viewing CPU DiagnosticsTotal Powered Time Synopsis Any 127 characters RAM Total Diagnostics CPU UsageTemperature RAM Available Viewing and Clearing the System Log Viewing the System Log Viewing Product Information Resetting the Device Loading Factory Default ConfigurationRS900 v2, 40-00-0066, RS900 v2 ROS 244 RS400 Using the CLI Shell Summary Of CLI Commands available in ROSEntering and Leaving the Shell Viewing Files Getting Help for a CommandListing files Pinging a Remote Device Viewing and Clearing Log FilesTracing Events Displaying Trace settings Enabling Trace Starting Trace Executing Commands Remotely Through RSHViewing Dhcp Learned Information Resetting the Device Upgrading Firmware and Managing Configurations Upgrading Firmware using XModemUpgrading Firmware Upgrading Firmware Using a Tftp Client on Your Workstation Checking Status of Download Upgrading Firmware Using ROS Tftp Client Example of an Upgrade using ROS Tftp Client Capturing Configurations with XModem Capturing ConfigurationsCapturing Configurations with Tftp Getting Started Using SQL CommandsFinding the Correct Table Retrieving a Table with Where Clause Retrieving Parameter from a Table Setting Default Values in a Table Changing Values in a Table Using RSH and SQL Using RSH and SQL Module Name Standard MIBsGroups Supported RuggedCom proprietary MIBs Proprietary MIB Module Name Appendix B Snmp Trap Summary IfInOctets IfInErrorsTcpInSegs IfInUcastPkts UdpInDatagrams UdpInErrorsTcpRetransSegs UdpNoPorts EtherStatsUndersizePkts EtherStatsCRCAlignErrorsEtherStatsMulticastPkts EtherStatsOversizePkts Dot1dTpPortInFrames Dot1dBasePortDelayExceededDiscardsDot1dBasePortMtuExceededDiscards Dot1dTpPortOutFrames RcDeviceStsTemperature IfHCOutBroadcastPkts Response Request0x040x03 0x10 Alarms Modbus Memory MapPage Serial Uint16 TextCmd Uint32 Performing write actions on the device using PortCmd AlarmRead Data from device using PortCmd PSStatusCmd Read Power Supply Status from device using PSStatusCmd See ROS Msti See Lldp Tagging 169