Skip to end of metadata
Go to start of metadata

You are viewing an old version of this content. View the current version.

Compare with Current View Version History

« Previous Version 4 Next »

AmpCon™-DC supports integrating with the Access Controller Access Control System (TACACS+) server to do authentication and authorization for the AmpCon-DC login users.

In addition to using local users (global users or group users), you can also enable the TACACS+ integration to manage user access.

Before you begin

  • You can configure at most two TACACS+ servers on the AmpCon-DC server. One is the primary and active server, while the other one is the secondary server, which is used for backup.

  • You can designate authorization levels by using the parameter priv-lvl on the TACACS+ server, which will be sent in the TACACS+ authorization response. The priv-lvl is mapped to one of four user role levels: Readonly, Operator, Admin and Superadmin. You can find the sample configuration of authorization level on TACACS+ server in the xx section.

  • If both TACACS+ servers are unreachable, you can use local users (global user or group user) to log in to the AmpCon-DC UI.

  • AmpCon-DC sends authorization requests with “Arg[0]” service=AmpCon-DC. On the TACACS+ server, you need to set the value of the parameter “service=AmpCon-DC” to process the authorization request of AmpCon-DC users.

Procedure

To enable the TACACS+ integration, follow these steps:

  1. In the AmpCon-DC UI, click System > User management.

  2. Click TACACS+ Settings.

  3. Click Enable to activate theTACACS+ service. The TACACS+ Settings pop-up window is displayed.

图片-20241220-084338.png

  1. Enter the following information:

Parameter

Description

Enable

Enable or disable TACACS+ authentication and authorization.

Primary Server IP

The IP address of the primary TACACS+ server.

Secondary Server IP

Optional. The IP address of the backup TACACS+ server.

Server Key

The shared key of TACACS+.

Note: The value of the Server Key field needs to be the same as the shared key of the primary and secondary TACACS+ servers. The shared key on both TACACS+ servers needs to be the same.

Session Timeout

The TACACS+ connection timeout in seconds.

Auth Protocol

The authentication protocol type of TACACS+ including ASCII, PAP or CHAP.

TACACS+ User Level Mapping

The mapping ranges for TACACS+ authorization. The configuration page displays the default mapping values. You can configure a custom range for mapping values. The values are integers that range from 0 to15.

Notes:

  • Any range should not overlap with another range between different user levels.

  • If the priv-lvl of a user configured on the TACACS+ server is not found in a level mapping configuration on AmpCon, the user level will be mapped to “readonly”.

  1. Click OK.

  • No labels

Copyright © 2025 Pica8 Inc. All Rights Reserved.