User`s guide

ManualsBrandsDigi ManualsComputer equipmentTransPort WR44v2

341

342

343

344

345

346

347

348

349

350

Retransmit the request after s seconds

The value in this text box specifies the interval between retransmissions of RADIUS packets.

Stop the negotiation after n retransmissions

The value in this text box specifies the maximum number of times RADIUS data should be

transmitted to the NAS before the negotiation is deemed to have failed.

Stop the negotiation if there is no activity for s seconds

The value in this text box specifies the inactivity period after which the negotiation

procedure is deemed to have failed.

Related CLI Commands

Entity

Instance

Parameter

Values

Equivalent Web Parameter

radcli 0 ip_ent

Blank,ETH,PPP

Blank = Auto

Use Source IP Address

radcli 0,1 retranint

0 – 2147483647

Default 5

Retransmit the request after s

seconds

radcli 0,1 retran

0 – 2147483647

Default 3

Stop the negotiation after n

retransmissions

radcli 0,1 inactto

0 – 2147483647

Default 30

Stop the negotiation if there is

no activity for s seconds

TACACS+

Configuration – Security> TACACS+

The Digi TransPort range of routers supports Terminal Access Controller Access-Control

System Plus (TACACS+) for controlling access to the router. TACACS+ provides

authentication, authorisation and accounting (AAA) services.

TACACS+ can be used to control the following access methods: Secured asynchronous serial

(ASY) ports, Telnet, SSH, FTP, HTTP/HTTPS and SNMP.

When any sort of request is to be performed by the TACACS+ client, the client first checks

to see if a socket to the server (primary or backup) is already open. If a socket is already

open, that socket is used for the TACACS+ request. If no socket is open, the primary server

is tried first. If the primary server socket fails to open, the backup server will be tried.

Regardless of whether the primary or backup socket connected, the primary server is

always tried first on the next connection attempt. Once the connection to the TACACS+

server opens, all pending requests are sent to the TACACS+ server.

If a connection to the TACACS+ server is not possible due to network or server problems,

all requests by applications are denied.

Functions of the AAA services

If TACACS+ authentication is enabled, the request is sent to the TACACS+ server. If

disabled, the router performs the authentication. At this point authorisation is also

performed. If TACACS+ authorisation is disabled, the user access level is obtained from the

local user table on the router. If TACACS+ authorisation is enabled, an authorisation request

is sent to the TACACS+ server. The server will return a privilege level and may also return

other attributed such as a new idle time for this session which takes precedence over locally

configured values.