Lantronix EMG 8500 EMG User Guide - Page 319

14: User Authentication 2. Enter the following: Enable TACACS+ Displays selected if you enabled this method on the User Authentication page. If you want to set up this authentication method but not enable it immediately, clear the checkbox. You can enable TACACS+ here or on the first User Authentication page. If you enable TACACS+ here, it automatically displays at the end of the order of precedence on the User Authentication page. TACACS+ Servers 1-3 IPv4 or IPv6 address or host name of up to three TACACS+ servers. Secret/Retype Secret Shared secret for message encryption between the EMG and the TACACS+ server. Enter an alphanumeric secret of up to 127 characters. Encrypt Messages Select the checkbox to encrypt messages between the EMG unit and the TACACS+ server. Selected by default. Authentication Service The type of service used to pass the authentication tokens (e.g., login and password) between the EMG and the TACACS+ server. Options are: ASCII Login (login and password are transmitted in clear, unencrypted text), PPP/PAP (login and password are transmitted in clear, unencrypted text via a PAP protocol packet), and PPP/CHAP (the TACACS+ server sends a challenge that consists of a session ID and an arbitrary challenge string, and the user name and password are encrypted before they are sent back to the server). PPP/PAP is the default. Service The service to use when sending a TACACS+ authorization message to the server to obtain an authenticated user's priv_lvl. The priv_lvl is used to assign a EMG custom group to the authenticated user for permissions and port rights (see TACACS+ Groups). Suggested values are "slip", "ppp", "arap", "shell", "ttydaemon", "connection", "system" and "firewall". The default is "shell". Protocol The optional protocol associated with the Service, which is included in the TACACS+ authorization message sent to the server to obtain an authenticated user's priv_lvl. The priv_lvl is used to assign a EMG custom group to the authenticated user for permissions and port rights (see TACACS+ Groups). Suggested values are "lcp", "ip", "ipx", "atalk", "vines", "lat", "xremote", "tn3270", "telnet", "rlogin", "pad", "vpdn", "ftp", "http", "deccp", "osicp" and "unknown". Timeout The timeout in seconds when attempting to connect to a TACACS+ server. Timeout range is 1 to 10 seconds. 5 seconds is the default. Custom Menu If custom menus have been created (see Custom User Menu Commands), you can assign a default custom menu to TACACS+ users. Escape Sequence A single character or a two-character sequence that causes the EMG to leave direct (interactive) mode. (To leave listen mode, press any key.) A suggested value is Esc+A (escape key, then uppercase "A" performed quickly but not simultaneously). You would specify this value as \x1bA, which is hexadecimal (\x) character 27 (1B) followed by an A. This setting allows the user to terminate the connect direct command on the command line interface when the endpoint of the command is deviceport, tcp, or udp. Break Sequence A series of 1-10 characters users can enter on the command line interface to send a break signal to the external device. A suggested value is Esc+B (escape key, then uppercase "B" performed quickly but not simultaneously). You would specify this value as \x1bB, which is hexadecimal (\x) character 27 (1B) followed by a B. See Key Sequences for notes on key sequence precedence and behavior. Enable for Dial-back Select to grant a user Dial-back access. Users with dial-back access can dial into the EMG unit and enter their login and password. Once the EMG authenticates them, the modem hangs up and dials them back. Disabled by default. EMG™ Edge Management Gateway User Guide 319