Versions Compared

Version Old Version 1 New Version 2
Changes made by

Jennifer Xiao

Jennifer Xiao

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

AmpCon™-DC supports integrating with the Access Controller Access Control System (TACACS+) server to do authentication and authorization for the AmpCon-DC login users.

In addition to configuring global users or group users, you can also configure TACACS+ To prevent illegal users from logging in to AmpCon-DC and thus enhance the security of devices.

Before you begin

  • You can configure at most two TACACS+ servers on the AmpCon-DC server. One is the primary and active server, while the other one is the secondary server, which is used for backup.

  • You can designate authorization levels by using the parameter priv-lvl on the TACACS+ server, which will be sent in the TACACS+ authorization response. The priv-lvl is mapped to one of four user role levels: Readonly, Operator, Admin and Superadmin. You can find the sample configuration of authorization level on TACACS+ server in the xx section.

  • If both TACACS+ servers are unreachable, AmpCon-DC will revert to using local users (global user or group user) from the database for login.

  • AmpCon-DC sends authorization requests with “Arg[0]” service=AmpCon-DC. On the TACACS+ server, you need to set the value of the parameter “service=AmpCon-DC” to process the authorization request of AmpCon-DC users.

  1. In the AmpCon-DC UI, click System > User management.

  2. Click TACACS+ Settings.

  3. Click Enable to activate theTACACS+ service.

  4. In the pop-up window, enter the following information:

  • Enable: Enable or disable TACACS+ authentication and authorization

  • Primary Server IP: The IP address of the primary TACACS+ server

  • Secondary Server IP: Optional. The IP address of the backup TACACS+ server

  • Server Key: The shared key of TACACS+.

The value of the Server Key field needs to be the same as the shared key of the primary and secondary TACACS+ servers. The shared key on both TACACS+ servers needs to be the same.

  • Session Timeout: The TACACS+ connection timeout in seconds

  • Auth Protocol: The authentication protocol type of TACACS+ including ASCII, PAP or CHAP

  • TACACS+ User Level Mapping: The mapping ranges for TACACS+ authorization. The configuration page displays the default mapping values. You can configure a custom range for mapping values. The values are integers that range from 0 to15.

...