A SERVICE OF

logo

Open as PDF
next previous
9-8 Firmware User Guide
TACACS+ server authentication
Netopia Firmware Version 8.4 supports TACACS+ server authentication. Its application to a Netopia Router is to
control access to the Router’s management interface, and to audit commands submitted by a user.
TACACS (Terminal Access Controller Access Control System) protocol provides access control for Netopia
Routers via a centralized server. TACACS+ provides separate authentication, authorization and accounting
services.
TACACS allows a client to accept a username and password and query a TACACS authentication server.
Configuration is similar to RADIUS server configuration. An additional toggle option TACACS+ Accounting
allows you to enable or disable the TACACS+ Accounting services feature.
Note: If the user is authenticated by a TACACS+ server, and TACACS+ Accounting is enabled, the session is
switched into Command Line Interface (CLI) mode (see the Command Line Interface Commands Reference)
and cannot be switched to console mode. If TACACS+ Accounting is enabled on the Netopia Router, each
command is sent to the TACACS+ server in a TACACS+ Accounting transaction. The CLI command is then
executed, regardless of the return code from the server.
User access password
Users must be able to change their names and passwords, regardless of other security access restrictions.
If a user does not have security access, then they will only be able to modify the password for their account.
When a limited-access user logs into the gateway. and accesses the System Configuration menus, the only
Security option displayed is Change Access Password.
Advanced Security Options
+---------------------------+
+---------------------------+
Remote Authentication... | RADIUS |
Security Databases... | TACACS+ |
Remote Server Addr/Name: +---------------------------+
Remote Server Secret:
Alt Remote Server Addr/Name:
Alt Remote Server Secret:
TACACS+ Accounting: Yes
Remote Access Privileges... Custom
Telnet Server Port: 23
Device Web Server via LAN only: Yes
LAN (Ethernet) IP Filter Set...
Remove Filter Set