Basic Configuration

5.9.9.TACACS Parameters

The TACACS Configuration Menus offer the following options:

Enable: Enables/disables the TACACS feature at the Network Port. (Default = Off.)

Primary Address: Defines the IP address or domain name (up to 64 characters) for your primary TACACS server. (Default = undefined.)

Secondary Address: Defines the IP address or domain name (up to 64 characters) for your secondary, fallback TACACS server (if present.) (Default = undefined.)

Secret Word: Defines the shared TACACS Secret Word for both TACACS servers. (Default = undefined.)

Fallback Timer: Determines how long the AFS-16 will continue to attempt to contact the primary TACACS Server before falling back to the secondary TACACS Server. (Default = 15 Seconds.)

Fallback Local: Determines whether or not the AFS-16 will fallback to its own password/username directory when an authentication attempt fails. When enabled, the AFS-16 will first attempt to authenticate the password by checking the TACACS Server; if this fails, the AFS-16 will then attempt to authenticate the password by checking its own internal username directory. This Parameter offers three options:

Off: Fallback Local is disabled (Default.)

On (All Failures): Fallback Local is enabled, and the unit will fallback to it's own internal user directory when it cannot contact the TACACS Server, or when a password or username does not match the TACACS Server.

On (Transport Failure): Fallback Local is enabled, but the unit will only fallback to it's own internal user directory when it cannot contact the TACACS Server.

Authentication Port: The port number for the TACACS function. (Default = 49.)

Default User Access: When enabled, this parameter allows TACACS users to access the AFS-16 command mode without first defining a TACACS user account on the AFS-16. When new TACACS users access the AFS-16 command mode, they will inherit the default Access Level, Circuit Access, Circuit Group Access and Service Access that are defined via the items listed below: (Default = On.)

Access Level: Selects the default Access Level setting for new TACACS users. This option can set the default access level to "Administrator", "SuperUser", "User" or "ViewOnly." For more information on Command Access Levels, please refer to Section 5.4.1 and Section 17.2. (Default = User.)

5-38

Page 59
Image 59
Western Telematic AFS-16-1 manual Tacacs Parameters