...
You can configure at most two TACACS+ servers on the AmpCon-Campus server. One is the primary and active server, while the other one is the secondary server, which is used for backup. No need to configure Configure the secondary server if only when backup is not needed.
You can designate authorization levels by using the priv-lvl parameter on the TACACS+ server. The priv-lvl configuration is sent in the TACACS+ authorization response. The priv-lvl parameter value is mapped to one of these local role levels: Readonly, Operator, Admin, and Superadmin.
For how to configure authorization levels on the TACACS+ server, see the Sample Configuration of Authorization Level on TACACS+ Server (Linux tac_plus) section.
AmpCon-Campus sends authorization requests with “Arg[0]” service=AmpCon-Campus. On the TACACS+ server, you need to set the value of the parameter “service=AmpCon-Campus” to process authorization requests of AmpCon-Campus users.
If both the primary and the secondary TACACS+ servers are unreachable, you can use local users (global user or group user) to log in to the AmpCon-Campus UI.
...
Parameter | Description |
|---|---|
Enable | Enable or disable TACACS+ authentication and authorization. |
Primary Server IP | The IP address of the primary TACACS+ server. |
Secondary Server IP | Optional. The IP address of the backup TACACS+ server. |
Server Key | The shared key of TACACS+. Note: The value of the Server Key field needs to be the same as the shared key keys of the primary and secondary TACACS+ servers. The shared key keys on both TACACS+ servers needs need to be the same. |
Session Timeout | The TACACS+ connection timeout in seconds. |
Auth Protocol | The authentication protocol type of TACACS+ including ASCII, PAP, or CHAP. |
TACACS+ User Level Mapping | The mapping ranges for TACACS+ authorization. The configuration page displays the default mapping values. You can configure a custom range for mapping values. The values are integers that range from 0 to15. Notes:
|
...