Controlling Access Point Access With Tacacs; Default Tacacs+ Configuration; Configuring Tacacs+ Login Authentication - Allen-Bradley Stratix 5100 User Manual

Controlling Access Point
Access with TACACS+
This section describes how to control administrator access to the wireless device
by using Terminal Access Controller Access Control System Plus (TACACS+).
For complete instructions on configuring the wireless device to support
TACACS+, see Configuring RADIUS and TACACS+ Servers on page
TACACS+ provides detailed accounting information and flexible administrative
control over authentication and authorization processes. TACACS+ is facilitated
through AAA and can be enabled only through AAA commands.
For complete syntax and usage information for the commands used in this
chapter, see the Cisco IOS Security Command Reference for Release

Default TACACS+ Configuration

TACACS+ and AAA are disabled by default.
To prevent a lapse in security, you cannot configure TACACS+ through a
network management application.When enabled, TACACS+ can authenticate
administrators accessing the wireless device through CLI.

Configuring TACACS+ Login Authentication

To configure AAA authentication, you define a named list of authentication
methods and then apply that list to various interfaces. The method list defines the
types of authentication that is performed and the sequence that they are
performed; it must be applied to a specific interface before any of the defined
authentication methods are performed.
The only exception is the default method list. The default method list is
automatically applied to all interfaces except those that have a named method list
explicitly defined. A defined method list overrides the default method list.
A method list describes the sequence and authentication methods to be queried
to authenticate a user. You can designate one or more security protocols to be
used for authentication, thus ensuring a back-up system for authentication in case
the initial method fails. The software uses the first method listed to authenticate
users; if that method fails, the software selects the next authentication method in
the method list.
This process continues until there is successful communication with a listed
authentication method or until all defined methods are exhausted. If
authentication fails at any point in this cycle—meaning that the security server or
local username database responds by denying the user access—the authentication
process stops, and no other authentication methods are attempted.
Rockwell Automation Publication 1783-UM006A-EN-P - May 2014
Administering the WAP Access Chapter 6
407.
12.3.
215