Table of Contents
Advertisement
Server Groups are configured on the Configure > Access Control page Server Groups tab of the
ZoneRanger web interface. Proxy rules for TACACS+ and RADIUS are configured on the TACACS+
and RADIUS tabs.
The simplest possible server group configuration is to define a single group. The following steps would
be required:
•
Define a single server group named MyServerGroup
•
Add the following proxy rule to the TACACS+ table:
*.*.*.* MyServerGroup
•
Add the following rule to the RADIUS table:
*.*.*.* MyServerGroup
Using this configuration, the ZoneRanger will select a server from MyServerGroup to handle
TACACS+ and RADIUS requests from all managed devices. If there was a need to configure a second
server group to handle requests originated by specific devices, the following steps would be required:
•
Define a new server group (e.g. MyOtherServerGroup )
•
Insert proxy rules for the specific IP addresses or IP address ranges to the top of the TACACS+
table:
10.254.1.1 MyOtherServerGroup
10.254.2.[10-20] MyOtherServerGroup
*.*.*.* MyServerGroup
•
Insert proxy rules for the specific IP addresses or IP address ranges to the top of the RADIUS
table:
10.254.1.1 MyOtherServerGroup
10.254.2.[10-20] MyOtherServerGroup
*.*.*.* MyServerGroup
When handling a TACACS+ or RADIUS request from a given device, the ZoneRanger will search
through the proxy rules table associated with the protocol being used for the first rule that matches the
requesting device's address. As such, it is important to ensure that specific address rules are placed
ahead of overlapping range or wild-card rules.
ZoneRanger 5.5 User's Guide
56
Hide quick links:
Advertisement
Table of Contents
