Specifications
Advanced Operations 107
Installation and Operations Manual
TACACS+
The PT22 supports the Terminal Access Controller Access Control System (TACACS+) protocol. This
enables authentication and authorization with a central TACACS+ server; user accounts do not need to be
individually created locally on each unit.
This allows administrators to pre-define and configure (in each unit, and in the TACACS+ server) a set
of necessary TACACS+ privilege levels, and users access rights for each. User’s access rights can then
be assigned or revoked simply by making the user a member of one-or-more pre-defined PT22
TACACS+ privilege levels. User account rights can be added, deleted, or changed within TACACS+
without any changes needed on individual PT22 units.
The PT22 supports 16 different TACACS+ privilege levels; 15 are entirely configurable by the system
administrator (1 is reserved for default Admin level access to all resources on the unit).
TACAC+ Command Summary
Command Description
Set Authorder Specifies the authentication order for each new session attempt
Set TACACS Enables/disables TACACS support
Set TACACS Host Sets the IP address or hostname of the TACACS server
Set TACACS Key Sets the TACACS encryption key
Set TACACS Port Sets the TACACS server port number
Show TACACS Displays TACACS configurations
Add GrouptoTACACS Grants a TACACS account access to one or more groups
Add OutlettoTACACS Grants a TACACS account access to one or more outlets
Add PorttoTACACS Grants a TACACS account access to one or more serial ports
Delete GroupfromTACACS Removes access to one or more groups for a TACACS account
Delete OutlettoTACACS Removes access to one or more outlets for a TACACS account
Delete PortfromTACACS Removes access to one or more serial ports for a TACACS account
Set TacPriv Access Sets the access level for a TACACS account
Set TacPriv Envmon Grants or removes privileges to view input and environmental monitoring status
List TacPrivs Displays access levels for all TACACS accounts
List TacPriv Displays all accessible outlet/groups/ports for a TACACS account
Enabling and Setting up TACACS+ Support
There are a few configuration requirements for properly enabling and setting up TACACS+ support.
Below is an overview of the minimum requirements:
1. Enable TACACS+ support.
2. Define the IP address and domain component of at least one TACACS+server.
3. Set the TACACS+ key configured on the supporting TACACS+server.
Enabling and disabling TACACS+ support:
The Set TACACS command is used to enable or disable TACACS+ support.
To enable or disable TACACS+ support:
At the Switched CDU: prompt, type set tacacs, followed by enabled or disabled and press Enter.