Sentry Industries PT22 ユーザーズマニュアル
TACACS+
The Sentry family of products supports the Terminal Access Controller Access Control System
(TACACS+) protocol. This enables authentication and authorization with a central TACACS+ server;
user accounts do not need to be individually created locally on each Sentry device.
(TACACS+) protocol. This enables authentication and authorization with a central TACACS+ server;
user accounts do not need to be individually created locally on each Sentry device.
This allows administrators to pre-define and configure (in each Sentry product, and in the TACACS+
server) a set of necessary TACACS+ privilege levels, and users access rights for each. User’s access
rights can then be assigned or revoked simply by making the user a member of one-or-more pre-defined
Sentry TACACS+ privilege levels. User account rights can be added, deleted, or changed within
TACACS+ without any changes needed on individual Sentry products.
server) a set of necessary TACACS+ privilege levels, and users access rights for each. User’s access
rights can then be assigned or revoked simply by making the user a member of one-or-more pre-defined
Sentry TACACS+ privilege levels. User account rights can be added, deleted, or changed within
TACACS+ without any changes needed on individual Sentry products.
The Sentry supports 16 different TACACS+ privilege levels; 15 are entirely configurable by the system
administrator (1 is reserved for default Admin level access to all Sentry resources).
administrator (1 is reserved for default Admin level access to all Sentry resources).
TACAC+ Command Summary
Command Description
Set Authorder
Specifies the authentication order for each new session attempt
Set TACACS
Enables/disables SSL support
Set TACACS HostIP
Sets the IP address of the TACACS server
Set TACACS Key
Sets the TACACS encryption key
Show TACACS
Displays TACACS configurations
Add GrouptoTACACS
Grants a TACACS account access to one or more groups
Add OutlettoTACACS
Grants a TACACS account access to one or all outlets
Add PorttoTACACS
Grants a TACACS account access to one or serial ports
Delete GroupfromTACACS
Removes access to one or more groups for a TACACS account
Delete OutlettoTACACS
Removes access to one or more outlets for a TACACS account
Delete PortfromTACACS
Removes access to one or more serial ports for a TACACS account
Set TacPriv Access
Sets the access level for a TACACS account
Set TacPriv Envmon
Grants or removes privileges to view input and environmental monitoring status
List TacPrivs
Displays access levels for all TACACS accounts
List TacPriv
Displays all accessible outlet/groups/ports for a TACACS account
Enabling and Setting up TACACS+ Support
There are a few configuration requirements for properly enabling and setting up TACACS+ support.
Below is an overview of the minimum requirements:
Below is an overview of the minimum requirements:
1. Enable TACACS+ support.
2. Define the IP address and domain component of at least one TACACS+server.
3. Set the TACACS+ key configured on the supporting TACACS+server.
2. Define the IP address and domain component of at least one TACACS+server.
3. Set the TACACS+ key configured on the supporting TACACS+server.
Enabling and disabling TACACS+ support
The Set TACACS command is used to enable or disable TACACS+ support.
To enable or disable TACACS+ support:
At the Sentry: prompt, type set tacacs, followed by enabled or disabled and press Enter.
Setting the TACACS+ server IP address
The Set TACACS HostIP command sets the TCP/IP address of the TACACS+ server.
To set the TACACS+ server IP address:
At the Sentry: prompt, type set tacacs, followed by hostip1 or hostip2 and the TACACS+ server’s IP
address. Press Enter.
address. Press Enter.
Example
The following command sets the primary TACACS+ server IP address to 98.76.54.32:
Sentry: set tacacs hostip1 98.76.54.32<Enter>
Sentry PT22
Advanced Operations
• 63
Installation and Operations Manual