Ide Tacacs+ Configuration - Avaya ERS 2500 Technical Configuration Manual

6.1.2 IDE TACACS+ Configuration

If we are using Identity Engines Ignition Server as the TACAC+ server, please follow the
configuration steps below assuming we wish to add the following:

User Name = read
o
Access Level = 1
o
Read-only access to allow only the following CLI commands: enable, show, exit,
and logout

User Name = user10
o
Access Level = 10
o
Restricted access to allow only the following CLI commands: enable, configure,
show, vlan, interface, router, network, logout, and exit

User Name = user15
o
Access Level = 15
o
Full access
IDE Step 1 – Go to Site 0 -> Services -> TACACS+

Ensure that TACACS+ is enabled, if not, click the Edit box and enable TACACS+. The default
port, TCP 49, should be left as-is.
IDE Step 2 – Add Users by going to Site Configuration -> Directories -> Internal Store -> Internal
Users and click on New

Enter the user name of read for read-only-access via User Name: and enter the password for
this user via Password and Confirm Password. Click on OK when done. If you wish, you can
also change the expiry date via Password Expires if you do not wish to use the default setting
of one year.

Repeat again by clicking on New to add user10 and user15.
IDE Step 3 – Go to Site Configuration -> Access Policies -> TACACS+ -> Device Command Sets

Click on New and enter a name of level1. Click on Add four separate times to add the
commands enable, show, exit, and logout with a Non-Specified Argument of Allow as shown
below for the access level 1 "ro" user. Click on OK when done.

Click on New one more time and enter a name of level10. Click on Add nine separate times to
add the commands enable, configure, show, vlan, interface, router, network, logout, and exit,
with a Non-Specified Argument of Allow as shown below for the access level 10 "user10" user.
Click on OK when done.

For the access 15 user, we will simply use the default all-commands Device Command Sets
Avaya Inc. – External Distribution
avaya.com
28