Service manual
Chapter 3: Security 45
Table 3.7: Parameters for Specifying User Authorization on a TACACS+ Server (Continued)

Parameter                         Description
service = <authorization method>  Specifies the authorization method used and whether the user is
                                  allowed or denied access when the raccess parameter is set on the
                                  console server. Only users who have this parameter set to raccess
                                  have authorization to access the specified ports.
port<#> = <ACS5000>/<Port>        Specify which serial ports on the console server the user has
                                  authorization to access.
                                  port# is a sequential label used by the console server.
                                  <ACS5000> is the name or IP address of the console server box.
                                  <Port> is the serial port the user may access on the specified
                                  console server.

3. On the console server, use the CLI utility to edit the parameters described in the following
table.

cli> config security authentication [parameter] <value>

Table 3.8: TACACS+ Configuration Parameters

Parameter        Value            Description
tacplusauthsvr1  <n.n.n.n>        This address indicates the location of the TACACS+ authentication
                                  server. A second TACACS+ authentication server may be configured
                                  with the parameter tacplusauthsvr2.
tacplusacctsvr1  <n.n.n.n>        This address indicates the location of the TACACS+ accounting
                                  server, which may be used to track how long users are connected
                                  after being authorized by the authentication server. Its use is
                                  optional. If this parameter is not used, accounting is not
                                  performed. If the same server is used for authentication and
                                  accounting, both parameters must be filled with the same address.
                                  A second TACACS+ accounting server may be configured with the
                                  parameter accthost2.
tacplussecret    <tacplussecret>  This is the shared secret (password) necessary for communication
                                  between the console server and the TACACS+ servers.
tacplusraccess   yes|no           This is raccess authorization on the TACACS+ server. Should be
                                  enabled for authorization on serial ports.
tacplustimeout   <number>         This is the time-out (in seconds) for a TACACS+ authentication
                                  query to be answered.
tacplusretries   <number>         Defines the number of times each TACACS+ server is tried before
                                  another is contacted. The first server authhost1 is tried for the
                                  specified number of times, before the second authhost2, if
                                  configured, is contacted and tried for the specified number of
                                  times. If the second server fails to respond, TACACS+
                                  authentication fails.
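
The following Python sketch is an added example, not part of the manual or the console server software. It audits a set of Table 3.8 parameters before they are entered, and models the query order and worst-case wait that the tacplusretries description implies. The sample values, the MIN_SECRET_LEN policy and all function names are assumptions made for illustration.

```python
import ipaddress

# Constructed sample settings keyed by the Table 3.8 parameter names (values are made up).
SAMPLE = {
    "tacplusauthsvr1": "192.0.2.10",
    "tacplusauthsvr2": "192.0.2.11",
    "tacplusacctsvr1": "192.0.2.10",
    "tacplussecret": "changeme",
    "tacplusraccess": "no",
    "tacplustimeout": "10",
    "tacplusretries": "3",
}
MIN_SECRET_LEN = 16  # assumption: local policy, not a limit stated in the manual

def attempt_order(cfg):
    """Query order per the tacplusretries description: server 1 x N, then server 2 x N."""
    servers = [cfg[k] for k in ("tacplusauthsvr1", "tacplusauthsvr2") if cfg.get(k)]
    return [(s, n) for s in servers for n in range(1, int(cfg["tacplusretries"]) + 1)]

def worst_case_seconds(cfg):
    """Longest wait before authentication fails when no server answers."""
    return len(attempt_order(cfg)) * int(cfg["tacplustimeout"])

def audit(cfg):
    """Return a list of findings for a Table 3.8 parameter set."""
    findings = []
    for key in ("tacplusauthsvr1", "tacplusauthsvr2", "tacplusacctsvr1"):
        if cfg.get(key):
            try:
                ipaddress.IPv4Address(cfg[key])
            except ValueError:
                findings.append(f"{key}: not an n.n.n.n address")
    if not cfg.get("tacplusauthsvr1"):
        findings.append("tacplusauthsvr1: no authentication server set")
    if not cfg.get("tacplusauthsvr2"):
        findings.append("tacplusauthsvr2: no second server, no failover")
    if not cfg.get("tacplusacctsvr1"):
        findings.append("tacplusacctsvr1: unset, accounting is not performed")
    if len(cfg.get("tacplussecret", "")) < MIN_SECRET_LEN:
        findings.append("tacplussecret: shorter than local minimum")
    if cfg.get("tacplusraccess") != "yes":
        findings.append("tacplusraccess: raccess authorization for serial ports not enabled")
    return findings

def cli_lines(cfg):
    """Render each setting with the command template shown in step 3."""
    return [f"config security authentication {k} {v}" for k, v in cfg.items()]
```

With the sample settings, audit(SAMPLE) reports the short shared secret and the disabled raccess setting, and worst_case_seconds(SAMPLE) shows how long a login can stall when neither server responds.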