Table of Contents
Advertisement
You can choose the TACACS+ server manually. Enter your username, a
colon and the number of the TACACS+ server in the login field to
choose one of the two servers defined in the TACACs+ settings. For
example, if your username is 'admin' and you want to fix TACACS+
server 2 for authentication, enter 'admin:2' in the login field.
4.13.3
Authentication
The device for configuration can be accessed via the serial interface
(console), via the LAN with Telnet or SSH, or with a browser. Access
authentication for each of these three access methods can be individually
set up either to refer to the user accounts in the device itself, or to the the
user accounts on the TACACS+ server. A second login option can be
defined in case access authentication fails several times for the selected
user account.
Login primary: "TACACS" for login via the TACACS+ server, "Local" for
login using the local user accounts.
Login secondary: "TACACS" and "Local", as above. The only value
available here is the one not selected under 'Login primary". With the
additional option "None", the secondary login can be deactivated.
The fallback to local user accounts presents a security risk if no root
password is set. For this reason, TACACS+ authentication with fall-
back to local user accounts can only be activated if a root password
has been set.
Access retry: Defines the number of login failures before switching to
the secondary login option. If TACACS+ is set as the "Login primary",
then the defined number of login failures are followed by an attempt
to use the secondary TACACS+ server. Only in the event that the
maximum number of login failures occurs for this server too, does the
option set under "Login secondary" come into effect.
LANCOM ES-2126+ and LANCOM ES-2126P+
Chapter 4: Operation of Web- based Management
109
Advertisement
Table of Contents
