TACACS Parameters

The TACACS Configuration Menus offer the following options:

• Enable: Enables/disables the TACACS feature at the Network Port. (Default = Off)

• Primary Address: The IP address or domain name for your primary TACACS server. (Default = undefined)

• Secondary Address: The IP address or domain name for your secondary, fallback TACACS server. (Default = undefined)

• Secret Word: The shared TACACS Secret Word for both TACACS servers. (Default = undefined)

• Fallback Timer: Determines how long the unit will attempt to contact the primary TACACS Server before falling back to the secondary server.

(Default = 15 Seconds)

• Fallback Local: Determines whether or not the TSM/RSM will fallback to its own username directory when an authentication attempt fails. When enabled, the unit will first attempt to authenticate the password by checking the TACACS Server. If this fails, the unit will then attempt to authenticate the password by checking its own internal username directory. This parameter offers three options:

 Off: Fallback Local is disabled (Default)

 On (All Failures): Fallback Local is enabled, and the unit will fallback to it's own

internal user directory when it cannot contact the TACACS Server, or when a password or username does not match the TACACS Server.

 On (Transport Failure): Fallback Local is enabled, but the unit will only fallback

to it's own internal user directory when it cannot contact the TACACS Server.

• Authentication Port: The port number for the TACACS function. (Default = 49)

• Default User Access: When enabled, allows TACACS users to access the unit without first defining a TACACS user account on the TSM/RSM. When new TACACS users access the unit, they will inherit the default Access Level, Port Access and Service Access defined via the items listed below: (Default = On)  Enable: Enables/disables the Default User Access function. (Default = On)  Access Level: Determines the default Access Level setting for new TACACS

users. This option can set the default access level for new TACACS users to "Administrator", "SuperUser", "User" or "ViewOnly." For more information, please refer to Section 5.4.1 and Section 17.2. (Default = User)

 Port Access: Determines the default Port Access setting for new TACACS users. The Port Access setting determines which serial ports each account will be allowed to control. (Defaults; Administrator and SuperUser = All Ports On, User = undefined, ViewOnly = undefined)

Notes:

• Administrator and SuperUser level accounts always have access to all ports. • User level accounts will only have access to ports specified via the "Port

Access" parameter.

• ViewOnly level can view the connection status of permitted serial ports, but are not allowed to create connections between ports.

 Plug Access: (RSM-xRy Series Units Only) Determines the default Plug Access setting for new TACACS users. (Defaults; Administrator and SuperUser = All Plugs On, User = undefined, ViewOnly = undefined)

Notes:

• Power Control functions are only available on RSM-xRy Series units. The Plug Access parameter is not available on standard TSM Series units or standard RSM Series units.

• Administrator and SuperUser level accounts always have access to all plugs. • User level accounts will only have access to the plugs that are defined via the

"Plug Access" parameter.

• ViewOnly accounts are allowed to view the On/Off status of permitted plugs, but are not allowed to invoke switching and reboot commands.

 Plug Group Access: (RSM-xRy Series Units Only) Determines the default Plug Group Access setting for new TACACS users. For more information, please refer to Section 5.6. (Defaults; Administrator and SuperUser = All Plug Groups On, User = undefined, ViewOnly = undefined)

Notes:

• Power Control functions are only available on RSM-xRy Series units. The Plug Group Access parameter is not available on standard TSM Series units or standard RSM Series units.

• In order to use this feature, Plug Groups must first be defined as described in Section 5.6.

• Administrator and SuperUser level accounts will always have access to all plug groups.

• User Level accounts will only have access to the plug groups that are defined via the Plug Group Access parameter.

• ViewOnly accounts are allowed to view the status of permitted Plug Groups but are not allowed to invoke switching and reboot commands.

 Service Access: Selects the default Service Access setting for new TACACS users. Determines whether each account will be able to access command mode via Serial Port, Telnet/SSH or Web. In addition, the Service Access setting also determines whether each account will be able to employ the Outbound Access function. (Default = Serial Port = On, Telnet/SSH = On, Web = On, Outbound Access = Off.)

Note: If Outbound Access has been disabled via the Network Parameters menu, then the Service Access parameter will not be allowed to grant Outbound Access to new TACACS users.

 Current/Power Metering: (RSM-8R8-CM Series Units Only) Determines whether or not new TACACS users will be allowed to access current metering and power metering functions by default. (Default = Off)

• Ping Test (Ping TACACS Servers): Allows you to ping IP addresses or domain names that have been defined via the TACACS Parameters menus in order to check that a valid IP address or domain name has been entered.

Notes:

• In order for the Ping Test feature to function, your network and/or firewall must be configured to allow ping commands.

• In addition to the Ping Test feature, the /TEST command in the Text Interface or the "Test" option in the Web Browser Interface can also be used to ping any user defined IP address in order to make certain that the IP address is responding.