Tacacs, Enabling and setting up tacacs+ support, Enabling and disabling tacacs+ support – Sentry Industries PT22 User Manual

TACACS+

The Sentry family of products supports the Terminal Access Controller Access Control System
(TACACS+) protocol. This enables authentication and authorization with a central TACACS+ server;
user accounts do not need to be individually created locally on each Sentry device.

This allows administrators to pre-define and configure (in each Sentry product, and in the TACACS+
server) a set of necessary TACACS+ privilege levels, and the user access rights for each. A user's
access rights can then be assigned or revoked simply by making the user a member of one or more
pre-defined Sentry TACACS+ privilege levels. User account rights can be added, deleted, or changed
within TACACS+ without any changes needed on individual Sentry products.

The Sentry supports 16 different TACACS+ privilege levels; 15 are entirely configurable by the system
administrator (1 is reserved for default Admin level access to all Sentry resources).

TACACS+ Command Summary

Command                  Description

Set Authorder            Specifies the authentication order for each new session attempt
Set TACACS               Enables/disables TACACS+ support
Set TACACS HostIP        Sets the IP address of the TACACS server
Set TACACS Key           Sets the TACACS encryption key
Show TACACS              Displays TACACS configurations
Add GrouptoTACACS        Grants a TACACS account access to one or more groups
Add OutlettoTACACS       Grants a TACACS account access to one or all outlets
Add PorttoTACACS         Grants a TACACS account access to one or more serial ports
Delete GroupfromTACACS   Removes access to one or more groups for a TACACS account
Delete OutlettoTACACS    Removes access to one or more outlets for a TACACS account
Delete PortfromTACACS    Removes access to one or more serial ports for a TACACS account
Set TacPriv Access       Sets the access level for a TACACS account
Set TacPriv Envmon       Grants or removes privileges to view input and environmental monitoring status
List TacPrivs            Displays access levels for all TACACS accounts
List TacPriv             Displays all accessible outlet/groups/ports for a TACACS account

Enabling and Setting up TACACS+ Support

There are a few configuration requirements for properly enabling and setting up TACACS+ support.
Below is an overview of the minimum requirements:

1. Enable TACACS+ support.
2. Define the IP address and domain component of at least one TACACS+ server.
3. Set the TACACS+ key configured on the supporting TACACS+ server.

Enabling and disabling TACACS+ support

The Set TACACS command is used to enable or disable TACACS+ support.

To enable or disable TACACS+ support:

At the Sentry: prompt, type set tacacs, followed by enabled or disabled and press Enter.

Setting the TACACS+ server IP address

The Set TACACS HostIP command sets the TCP/IP address of the TACACS+ server.

To set the TACACS+ server IP address:

At the Sentry: prompt, type set tacacs, followed by hostip1 or hostip2 and the TACACS+ server’s IP
address. Press Enter.

Example

The following command sets the primary TACACS+ server IP address to 98.76.54.32:

Sentry: set tacacs hostip1 98.76.54.32

Sentry PT22

Advanced Operations

63

Installation and Operations Manual