Sentry Industries PT22 Universal Remote User Manual


 
TACACS+
The Sentry family of products supports the Terminal Access Controller Access Control System
(TACACS+) protocol. This enables authentication and authorization with a central TACACS+ server;
user accounts do not need to be individually created locally on each Sentry device.
This allows administrators to pre-define and configure (in each Sentry product, and in the TACACS+
server) a set of necessary TACACS+ privilege levels, and users' access rights for each. A user's access
rights can then be assigned or revoked simply by making the user a member of one or more pre-defined
Sentry TACACS+ privilege levels. User account rights can be added, deleted, or changed within
TACACS+ without any changes needed on individual Sentry products.
The Sentry supports 16 different TACACS+ privilege levels; 15 are entirely configurable by the system
administrator (1 is reserved for default Admin level access to all Sentry resources).
TACACS+ Command Summary
Command                  Description
Set Authorder            Specifies the authentication order for each new session attempt
Set TACACS               Enables/disables TACACS+ support
Set TACACS HostIP        Sets the IP address of the TACACS server
Set TACACS Key           Sets the TACACS encryption key
Show TACACS              Displays TACACS configurations
Add GrouptoTACACS        Grants a TACACS account access to one or more groups
Add OutlettoTACACS       Grants a TACACS account access to one or all outlets
Add PorttoTACACS         Grants a TACACS account access to one or more serial ports
Delete GroupfromTACACS   Removes access to one or more groups for a TACACS account
Delete OutlettoTACACS    Removes access to one or more outlets for a TACACS account
Delete PortfromTACACS    Removes access to one or more serial ports for a TACACS account
Set TacPriv Access       Sets the access level for a TACACS account
Set TacPriv Envmon       Grants or removes privileges to view input and environmental monitoring status
List TacPrivs            Displays access levels for all TACACS accounts
List TacPriv             Displays all accessible outlet/groups/ports for a TACACS account
Enabling and Setting up TACACS+ Support
There are a few configuration requirements for properly enabling and setting up TACACS+ support.
Below is an overview of the minimum requirements:
1. Enable TACACS+ support.
2. Define the IP address and domain component of at least one TACACS+ server.
3. Set the TACACS+ key configured on the supporting TACACS+ server.
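Step 3 matters because the TACACS+ protocol (RFC 8907) uses the shared key to derive a chained MD5 pad that is XORed over each packet body, so a device key that differs from the server's leaves every body unreadable. RFC 8907 itself describes this as obfuscation, not strong encryption. The Python sketch below is an added example, not Sentry code and not part of the manual; the session ID, key and body bytes are constructed sample values.

```python
import hashlib
import struct


def tacacs_pad(session_id: int, key: bytes, version: int, seq_no: int, length: int) -> bytes:
    """RFC 8907 pseudo-random pad: MD5 chained over header fields and the shared key."""
    seed = struct.pack("!I", session_id) + key + bytes([version, seq_no])
    pad, block = b"", b""
    while len(pad) < length:
        # First block hashes the seed alone; each later block appends the previous digest.
        block = hashlib.md5(seed + block).digest()
        pad += block
    return pad[:length]


def obfuscate(body: bytes, session_id: int, key: bytes,
              version: int = 0xC0, seq_no: int = 1) -> bytes:
    """XOR the body with the pad. Applying it twice with the same inputs restores the body."""
    pad = tacacs_pad(session_id, key, version, seq_no, len(body))
    return bytes(b ^ p for b, p in zip(body, pad))


# Constructed sample values (assumptions for illustration only).
SESSION_ID = 0x1A2B3C4D
DEVICE_KEY = b"example-shared-key"
SERVER_KEY_TYPO = b"example-shared-kex"   # one character off, as a mistyped key would be
BODY = b"constructed body bytes, not a real TACACS+ packet"


def demo():
    """Return (wire bytes, body recovered with matching key, body 'recovered' with wrong key)."""
    wire = obfuscate(BODY, SESSION_ID, DEVICE_KEY)
    matched = obfuscate(wire, SESSION_ID, DEVICE_KEY)
    mismatched = obfuscate(wire, SESSION_ID, SERVER_KEY_TYPO)
    return wire, matched, mismatched


if __name__ == "__main__":
    wire, matched, mismatched = demo()
    print("on the wire :", wire.hex())
    print("matching key:", matched)
    print("wrong key   :", mismatched)
```
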
Enabling and disabling TACACS+ support
The Set TACACS command is used to enable or disable TACACS+ support.
To enable or disable TACACS+ support:
At the Sentry: prompt, type set tacacs, followed by enabled or disabled and press Enter.
Setting the TACACS+ server IP address
The Set TACACS HostIP command sets the TCP/IP address of the TACACS+ server.
To set the TACACS+ server IP address:
At the Sentry: prompt, type set tacacs, followed by hostip1 or hostip2 and the TACACS+ server’s IP
address. Press Enter.
Example
The following command sets the primary TACACS+ server IP address to 98.76.54.32:
Sentry: set tacacs hostip1 98.76.54.32<Enter>
Sentry PT22 Advanced Operations 63
Installation and Operations Manual