Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Version History

« Previous Version 6 Next »

AmpCon™-Campus supports integrating with the Access Controller Access Control System (TACACS+) server to do authentication and authorization for the AmpCon-Campus login users.

In addition to using local users (global users or group users), you can also enable the TACACS+ integration to manage user access.

Before You Begin

Before you enable the TACACS+ integration, read the following notes:

  • You can configure at most two TACACS+ servers on the AmpCon-Campus server. One is the primary and active server, while the other one is the secondary server, which is used for backup.

  • You can designate authorization levels by using the priv-lvl parameter on the TACACS+ server. The priv-lvl configuration is sent in the TACACS+ authorization response. The priv-lvl parameter is mapped to one of these local role levels: Readonly, Operator, Admin and Superadmin.

For how to configure authorization levels on the TACACS+ server, see the Sample Configuration of Authorization Level on TACACS+ Server (Linux tac_plus) section.

  • AmpCon-Campus sends authorization requests with “Arg[0]” service=AmpCon-Campus. On the TACACS+ server, you need to set the value of the parameter “service=AmpCon-Campus” to process the authorization request of AmpCon-Campus users.

  • If both TACACS+ servers are unreachable, you can use local users (global user or group user) to log in to the AmpCon-Campus UI.

Procedure

To enable the TACACS+ integration, follow these steps:

  1. In the AmpCon-Campus UI, click System > User management.

  2. Click TACACS+ Settings.

  3. Click Enable to activate the TACACS+ service. The TACACS+ Settings pop-up window is displayed.

图片-20241220-084338.png

  1. Enter the following information:

Parameter

Description

Enable

Enable or disable TACACS+ authentication and authorization.

Primary Server IP

The IP address of the primary TACACS+ server.

Secondary Server IP

Optional. The IP address of the backup TACACS+ server.

Server Key

The shared key of TACACS+.

Note: The value of the Server Key field needs to be the same as the shared key of the primary and secondary TACACS+ servers. The shared key on both TACACS+ servers needs to be the same.

Session Timeout

The TACACS+ connection timeout in seconds.

Auth Protocol

The authentication protocol type of TACACS+ including ASCII, PAP, or CHAP.

TACACS+ User Level Mapping

The mapping ranges for TACACS+ authorization. The configuration page displays the default mapping values. You can configure a custom range for mapping values. The values are integers that range from 0 to15.

Notes:

  • Don’t overlap any range with other ranges among different user levels.

  • If the priv-lvl configuration of a user on the TACACS+ server is not found in a level-mapping configuration on AmpCon-Campus, the user role level is mapped to Readonly.

  1. Click OK.

Sample Configuration of Authorization Level on TACACS+ Server (Linux tac_plus)

For how to configure authorization levels on the TACACS+ server, see the following example:

user = leontest {
global = cleartext "abc"
service = AmpCon {
default attribute = permit
priv-lvl = 15
}
}

user = automation1 {
global = cleartext "automation"
service = AmpCon {
default attribute = permit
priv-lvl = 10
}
}

user = testtest {
global = cleartext "testtest"
service = AmpCon {
default attribute = permit
priv-lvl = 5
}
}

user = testpica8 {
global = cleartext "testpica8"
service = AmpCon {
default attribute = permit
priv-lvl = 1
}
}

  • No labels

Copyright © 2025 Pica8 Inc. All Rights Reserved.