beautypg.com

Tacacs+ technical specifications, Tacacs+ technical specifications 67 – Sentry Industries PT22 User Manual

Page 67

background image

Displaying outlet, outlet group and serial port access

The List TacPriv command displays all accessible outlets, outlet groups and serial ports for a
TACACS+ account.

To display outlet, outlet group and serial port access:

At the Sentry: prompt, type list tacpriv, optionally followed by a TACACS+ account. Press Enter.

Example

The following command displays information about the TACACS+ account 1:

Sentry: list tacpriv 1
TACACS+ Privilege Level: 1
Ports:
Port ID Port Name
Console Console

Members of PowerUser TACACS+ account members may access the Console serial port.

TACACS+ Technical Specifications

Authentication START Packet includes:

action = 1 (TAC_PLUS_AUTHEN_LOGIN)
priv_lvl = 0 (TAC_PLUS_PRIV_LVL_MIN)
authen_type = 1 (TAC_PLUS_AUTHEN_TYPE_ASCII)
service = 1 (TAC_PLUS_AUTHEN_SVC_LOGIN)
user = (entered username)
port = (access path into the Sentry)
rem_addr = ‘Sentry3_xxxxxx’ (xxxxxx is last six digits of MAC address)
data = ‘‘ (null)

NOTE: The password is sent in a CONTINUE packet.

Authorization REQUEST Packet includes:

authen_method = 6 (TAC_PLUS_AUTHEN_METH_TACACSPLUS)
priv_lvl = 0 (TAC_PLUS_PRIV_LVL_MIN)
authen_type = 1 (TAC_PLUS_AUTHEN_TYPE_ASCII)
authen_service = 1 (TAC_PLUS_AUTHEN_SVC_LOGIN)
user = (entered username)
port = (access path into the Sentry)
rem_addr = ‘Sentry3_xxxxxx’ (xxxxxx is last six digits of Ethernet MAC address)
service = ‘shell’ (for exec)
cmd = ‘‘ (null)

NOTE: The access paths into the Sentry which support TACACS+ are ‘Console’, ‘Telnet’, ‘SSH’, ‘HTTP’ and
‘HTTPS’. In the case of ‘Console’ and ‘Modem’, an administrator is allowed to rename these ports in which case the
assigned name is used.

Sentry PT22

Advanced Operations

67

Installation and Operations Manual