The Sentry family of products supports the Terminal Access Controller Access Control System
(TACACS+) protocol. This enables authentication and authorization with a central server;
user accounts do not need to be individually created locally on each Sentry device.
This allows administrators to pre-define and configure (in each Sentry product, and in the
TACACS+ server) a set of necessary privilege levels, and users' access rights for each. A user's
access rights can then be assigned or revoked simply by making the user a member of one or more
pre-defined Sentry privilege levels. User account rights can be added, deleted, or changed within
TACACS+ without any changes needed on individual Sentry products.
The Sentry supports 16 different privilege levels; 15 are entirely configurable by the system
administrator (1 is reserved for default Admin level access to all Sentry resources).
TACACS+ Command Summary
Command                    Description
Set Authorder              Specifies the authentication order for each new session attempt
Set TACACS                 Enables/disables SSL support
Set TACACS HostIP          Sets the IP address of the TACACS server
Set TACACS Key             Sets the TACACS encryption key
Show TACACS                Displays TACACS configurations
Add GrouptoTACACS          Grants a TACACS account access to one or more groups
Add OutlettoTACACS         Grants a TACACS account access to one or all outlets
Add PorttoTACACS           Grants a TACACS account access to one or more serial ports
Delete GroupfromTACACS     Removes access to one or more groups for a TACACS account
Delete OutlettoTACACS      Removes access to one or more outlets for a TACACS account
Delete PortfromTACACS      Removes access to one or more serial ports for a TACACS account
Set TacPriv Access         Sets the access level for a TACACS account
Set TacPriv Envmon         Grants or removes privileges to view input and environmental monitoring status
List TacPrivs              Displays access levels for all TACACS accounts
List TacPriv               Displays all accessible outlet/groups/ports for a TACACS account
Enabling and Setting up TACACS+ Support
There are a few configuration requirements for properly enabling and setting up TACACS+ support.
Below is an overview of the minimum requirements:
1. Enable TACACS+ support.
2. Define the IP address and domain component of at least one TACACS+ server.
3. Set the key configured on the supporting TACACS+ server.
Enabling and disabling TACACS+ support
The Set TACACS command is used to enable or disable TACACS+ support.
To enable or disable TACACS+ support:
At the Sentry: prompt, type set tacacs, followed by enabled or disabled, and press Enter.
Setting the TACACS+ server IP address
The Set TACACS HostIP command sets the TCP/IP address of the TACACS+ server.
To set the TACACS+ server IP address:
At the Sentry: prompt, type set tacacs, followed by hostip1 or hostip2 and the server's IP
address. Press Enter.
Example
The following command sets the primary server IP address to 98.76.54.32:
Sentry: set tacacs hostip1 98.76.54.32<Enter>
Sentry PT22 Installation and Operations Manual, Advanced Operations