Skip to end of metadata
Go to start of metadata

You are viewing an old version of this content. View the current version.

Compare with Current View Version History

« Previous Version 5 Next »

AmpCon™-DC supports integrating with the Access Controller Access Control System (TACACS+) server to do authentication and authorization for the AmpCon-DC login users.

In addition to using local users (global users or group users), you can also enable the TACACS+ integration to manage user access.

Before you begin

  • You can configure at most two TACACS+ servers on the AmpCon-DC server. One is the primary and active server, while the other one is the secondary server, which is used for backup. If you don’t need backup, no need to configure the secondary TACACS+ server.

  • You can designate authorization levels by using the parameter priv-lvl on the TACACS+ server. The priv-lvl configuration will be sent in the TACACS+ authorization response. The priv-lvl is mapped to one of four user local role levels: Readonly, Operator, Admin and Superadmin. You can find the sample configuration of authorization level on TACACS+ server in the xx section.

  • If both TACACS+ servers are unreachable, you can use local users (global user or group user) to log in to the AmpCon-DC UI.

  • AmpCon-DC sends authorization requests with “Arg[0]” service=AmpCon-DC. On the TACACS+ server, you need to set the value of the parameter “service=AmpCon-DC” to process the authorization request of AmpCon-DC users.

Procedure

To enable the TACACS+ integration, follow these steps:

  1. In the AmpCon-DC UI, click System > User management.

  2. Click TACACS+ Settings.

  3. Click Enable to activate theTACACS+ service. The TACACS+ Settings pop-up window is displayed.

图片-20241220-084338.png

  1. Enter the following information:

Parameter

Description

Enable

Enable or disable TACACS+ authentication and authorization.

Primary Server IP

The IP address of the primary TACACS+ server.

Secondary Server IP

Optional. The IP address of the backup TACACS+ server.

Server Key

The shared key of TACACS+.

Note: The value of the Server Key field needs to be the same as the shared key of the primary and secondary TACACS+ servers. The shared key on both TACACS+ servers needs to be the same.

Session Timeout

The TACACS+ connection timeout in seconds.

Auth Protocol

The authentication protocol type of TACACS+ including ASCII, PAP or CHAP.

TACACS+ User Level Mapping

The mapping ranges for TACACS+ authorization. The configuration page displays the default mapping values. You can configure a custom range for mapping values. The values are integers that range from 0 to15.

Notes:

  • Don’t overlap any range with other ranges among different user levels.

  • If the priv-lvl configuration of a user on the TACACS+ server is not found in a level-mapping configuration on AmpCon-DC, the user role level is mapped to Readonly.

  1. Click OK.

  • No labels

Copyright © 2025 Pica8 Inc. All Rights Reserved.