RuggedCom Welder RS400 User Manual

Administration 
 
 
ROS™  v3.5 
RS400 
1.13 TACACS+ 
TACACS+ (Terminal Access Controller Access-Control System Plus) is a TCP-based access 
control protocol that provides authentication, authorization and accounting services to routers, 
network access servers and other networked computing devices via one or more centralized 
servers. It is based on, but is not compatible with, the older TACACS protocol. TACACS+ has 
generally replaced its predecessor in more recently built or updated networks, although 
TACACS and XTACACS are still used on many older networks. Note that RuggedCom’s 
TACACS+ client implementation always has encryption enabled. 
1.13.1  User Login Authentication and Authorization  
A TACACS+ server can be used to authenticate and authorize access to the device’s services, 
such as HMI via Serial Console, Telnet, SSH, RSH, Web Server (see Password Configuration). 
Username and Password are sent to the configured TACACS+ Server. 
Two TACACS+ servers (Primary and Secondary) are configurable per device. If the Primary 
Server is not reachable, the device will automatically fall back to the Secondary server to 
complete the authorization process. 
•  The TACACS+ standard priv_lvl attribute will be used to grant access to the device:
   •  priv_lvl=15 represents an access level of “admin”
   •  1 < priv_lvl < 15 represents an access level of “operator” (i.e. any value from 2 to 14)
   •  priv_lvl=1 represents an access level of “guest”
Note: If no access level is received in the response packet from the server, then no access will be granted to the user.
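The mapping above, as an added example that is not taken from the manual or from RuggedCom's firmware: it parses a TACACS+ authorization REPLY body (layout per RFC 8907, after the body obfuscation the manual calls encryption has been removed) and derives the access level, denying by default. The function names are hypothetical. Assumptions: the level arrives as an argument in the authorization REPLY, spelled either priv_lvl (as in this manual) or priv-lvl (as in RFC 8907), and values outside 1 to 15 or conflicting values are denied.

```python
import re
import struct

PASS_ADD, PASS_REPL = 0x01, 0x02   # RFC 8907 authorization PASS status codes
# Page spells the attribute priv_lvl; RFC 8907 spells the argument priv-lvl.
PRIV = re.compile(r"priv[_-]lvl[=*]([0-9]{1,3})")


def parse_author_reply(body: bytes):
    """Split a cleartext authorization REPLY body into (status, [args])."""
    if len(body) < 6:
        raise ValueError("truncated REPLY header")
    status, arg_cnt, msg_len, data_len = struct.unpack("!BBHH", body[:6])
    arg_lens = body[6:6 + arg_cnt]
    pos = 6 + arg_cnt + msg_len + data_len   # skip server_msg and data
    if len(arg_lens) != arg_cnt or pos + sum(arg_lens) != len(body):
        raise ValueError("length fields disagree with body size")
    args = []
    for n in arg_lens:
        args.append(body[pos:pos + n].decode("ascii", errors="replace"))
        pos += n
    return status, args


def access_level(body: bytes):
    """Return 'admin', 'operator', 'guest', or None for no access."""
    try:
        status, args = parse_author_reply(body)
    except ValueError:
        return None                          # malformed reply: deny
    if status not in (PASS_ADD, PASS_REPL):
        return None                          # FAIL, ERROR, FOLLOW: deny
    levels = {int(m.group(1)) for a in args if (m := PRIV.fullmatch(a))}
    if len(levels) != 1:
        return None    # page: no level means no access; conflict: assumed deny
    lvl = levels.pop()
    if lvl == 15:
        return "admin"
    if 1 < lvl < 15:
        return "operator"
    return "guest" if lvl == 1 else None     # 0 or >15: assumed deny


def build_reply(status, args, server_msg=b""):
    """Build a constructed sample REPLY body for testing."""
    enc = [a.encode("ascii") for a in args]
    head = struct.pack("!BBHH", status, len(enc), len(server_msg), 0)
    return head + bytes(len(a) for a in enc) + server_msg + b"".join(enc)
```

Running server profiles through a check like this before deployment shows which accounts would land in "admin" and which would be refused because the server returns no level at all.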
1.13.2 TACACS+ Server Configuration 
 
Figure 22: TACACS+ Server summary