System information
LANCOM ES-2126+ and LANCOM ES-2126P
Chapter 4: Operation of Web-based Management
consistent on all devices or for all services. For this reason, user data should
be managed on a central server.
As a simple example, a user wishes to register at a router and sends the
corresponding login details (user ID) to it. In this case the router functions as a
Network Access Server (NAS): It does not check the user data itself; rather, the
data is forwarded to the central AAA server, which responds by checking the
data and answering with an accept or a reject.
4.15.2 Configuring the TACACS+ parameters
TACACS+ is configured with the following parameters:
- State
  Configures the TACACS+ server and sets the password for the encryption
  of data communications with the TACACS+ protocol.
  - Server 1: Address of the TACACS+ server to which requests for
    authentication, authorization and accounting are to be forwarded.
    The value 0.0.0.0 deactivates this entry.
  - Server 2: You can optionally configure a second TACACS+ server
    address here. If the first TACACS+ server is not available and the
    maximum number of failed login attempts is reached, the device
    forwards its login requests to the alternative TACACS+ server. The
    maximum number of failed login attempts is set as the "Access retry"
    value under the "Access" menu item.
    The value 0.0.0.0 deactivates this entry.
  - Secret key: The password for encrypting the communications between
    NAS and TACACS+ servers.
    The password must be entered identically into the LANCOM and the
    TACACS+ server. We recommend that you do not operate TACACS+
    without encryption.
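How the secret key is applied on the wire, as an added example that is not part of the LANCOM manual or firmware: it follows the packet-body protection defined in RFC 8907 (which calls the mechanism obfuscation), shows why both sides need the identical key, and shows how a receiver can recognise a packet sent without it. The key, session ID and body are constructed sample values, and the function names are hypothetical.

```python
import hashlib
import struct

TAC_PLUS_UNENCRYPTED_FLAG = 0x01  # RFC 8907 header flag: body is sent in the clear
HEADER = struct.Struct("!BBBBII")  # version, type, seq_no, flags, session_id, length


def pseudo_pad(session_id, key, version, seq_no, length):
    """MD5 pad from RFC 8907 section 4.5, truncated to the body length."""
    seed = struct.pack("!I", session_id) + key + bytes([version, seq_no])
    pad, prev = b"", b""
    while len(pad) < length:
        prev = hashlib.md5(seed + prev).digest()  # each block chains the previous digest
        pad += prev
    return pad[:length]


def xor_body(body, session_id, key, version, seq_no):
    """XOR the body with the pad; applying it twice restores the input."""
    pad = pseudo_pad(session_id, key, version, seq_no, len(body))
    return bytes(b ^ p for b, p in zip(body, pad))


def build_packet(body, key, session_id, seq_no=1, version=0xC0, ptype=1, flags=0):
    """Assemble header + body as the sender (NAS) would."""
    if not flags & TAC_PLUS_UNENCRYPTED_FLAG:
        body = xor_body(body, session_id, key, version, seq_no)
    return HEADER.pack(version, ptype, seq_no, flags, session_id, len(body)) + body


def open_packet(packet, key):
    """Return (body, was_protected) as the receiver (TACACS+ server) would."""
    version, _ptype, seq_no, flags, session_id, length = HEADER.unpack(packet[:HEADER.size])
    body = packet[HEADER.size:HEADER.size + length]
    if len(body) != length:
        raise ValueError("truncated TACACS+ packet")
    if flags & TAC_PLUS_UNENCRYPTED_FLAG:
        return body, False  # secret key was not applied: worth alerting on
    return xor_body(body, session_id, key, version, seq_no), True


# Constructed sample values, not taken from any real device or capture.
SAMPLE_BODY = b"constructed TACACS+ authentication body for the demo"
SAMPLE_KEY = b"example-shared-secret"
SAMPLE_SESSION = 0x1A2B3C4D

if __name__ == "__main__":
    pkt = build_packet(SAMPLE_BODY, SAMPLE_KEY, SAMPLE_SESSION)
    print(open_packet(pkt, SAMPLE_KEY))           # matching key on both sides
    print(open_packet(pkt, b"different-secret"))  # mismatched key yields garbage
```

With a mismatched key the receiver still produces bytes of the right length, so a wrong secret shows up as an unparseable body rather than as a distinct error.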
[Figure: PC, NAS and AAA server; the user ID is passed from the PC via the NAS to the AAA server, and the accept is returned.]