User guide
- 46 -
6.4 Security Settings
Allowed remote host IPs:
The WebMux management console and diagnostic login only allow logins from these IP
addresses to establish a management session. You can access from more than one IP address
by specifying all the allowed IP addresses separated by a “:” (except use “,” as divider for
IPv6 addresses). You can put the netmask following the IP address to specify the range of
hosts that can access the management console. For example, 192.168.12.0/24 will allow all
hosts in 192.168.12 network to access it. From version 6.4.00, 192.168.12 will be allowed for
class C allowed host. If this field is left blank, you can access the management software from
any IP address. It is recommended to set this up for security reasons. If the wrong IP
addresses are entered, management console login might not be possible. Use the setup mode
on the LCD panel to clear the allowed host list. This field is blank by default.
TACACS+ Server Configuration:
The WebMux allows you to control the user/passwords for the “superuser” group logins with
a TACACS+ server so that password changes can be administered to several WebMux
machines instantly through a central authentication server. In this field you will need to
specify the TACACS+ server IP with “server=xxx.xxx.xxx.xxx.” Other arguments include
“secret=” (if the TACACS+ server requires a password to be accessed) and “encrypt.” Each
argument must be separated with a space. If for some reason the TACACS+ server is not
working, the WebMux will default back to the passwords configured in its password setup
screen.
Connection warning threshold:
The WebMux monitors the number of connections established. When the number of
connections is greater than the value entered, the WebMux will page the designated numbers.
For example, if a DoS attack is occurring, the number of connections to the site would be
extremely high. Assuming they exceeded the value set for the “connection warning”
threshold, the designated numbers would be paged.