Add Tacacs User: configure a new tacacs user inside tacacs gui

Tacacs Users. Add New Tacacs User




Add New User Tabs

General Tab


Table Fields Overview
Field Description

It will be used for authentication and you can change it later.

(Required!) The unique user name. You can also switch the new user with the (if you see that, the user will be disabled) or (if you see that, the user will be enabled) buttons. A disabled user is stored in the database but won’t appear in the main configuration.

Preconfigured values: e – enable; m – message

Every user can be a member of a predefined user group. If the user doesn’t have some settings, it will try to take them from the group.
(Required!) The main password of the new user. The password can be stored in clear text (0), as an md5 hash (1) or inside the local database (3). If you choose md5 hashing, don’t forget to select whether the system should hash the text you enter or whether you are entering a hash (“Encrypt the login password (hashing), uncheck it if you put hash”). If you use the local database, you can set the change-password parameter for that user (it must also be set globally).
Enable password for that user. The enable password can be stored in clear text (0), as an md5 hash (1) or as a clone of the login password (4).

Message Tab

The message that will appear after the user logs in.

You can find more info about special characters here.

Access Rules Tab


Table Fields Overview
Field Description

Default 15; if Undefined, it will not appear in the configuration.

Privilege level settings

Select ACL

Here you can set a pre-configured tacacs Access Control List (ACL) to restrict access for specific IP addresses. How to add a new tacacs ACL?

Select service

Here you can define a service for the new user. A service is used to restrict access inside the device (after log in); it is a part of authorization. Every vendor has its own parameters for service attributes. How to define a new tacacs service?
If checked, the default service for that user will be permitted.
Start date of the user's access. The user's access will be restricted before that date.
End date of the user's access. The user's access will be restricted after that date.

Restrict access to the specified IP address(es) only. It should be in the form <ip address>/<prefix>

A fast way to restrict access without an ACL: access is allowed only if the user has that IP address or is inside that network.

Restrict access to the specified NAS IP address(es) only. It should be in the form <ip address>/<prefix>

A fast way to restrict access without an ACL: the user is allowed access to that device or network only.
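
The date and address restrictions on this tab, sketched as an added Python example (not TacacsGUI or daemon code). The names `parse_entries`, `AccessRule` and `access_allowed`, the inclusive date bounds, the treatment of an empty list as "no restriction" and the sample addresses are assumptions.

```python
# Added illustration; not TacacsGUI or TACACS daemon code. All names are hypothetical.
from dataclasses import dataclass, field
from datetime import date
from ipaddress import ip_address, ip_network
from typing import Optional


def parse_entries(text):
    """Parse comma/space separated '<ip address>/<prefix>' entries."""
    nets = []
    for item in text.replace(",", " ").split():
        if "/" not in item:
            raise ValueError(f"{item!r}: missing /<prefix>")
        # strict=True rejects host bits, e.g. 10.1.2.3/24 (usually a typo)
        nets.append(ip_network(item, strict=True))
    return nets


@dataclass
class AccessRule:
    valid_from: Optional[date] = None    # access begin date
    valid_until: Optional[date] = None   # access end date
    client_nets: list = field(default_factory=list)  # allowed source addresses
    nas_nets: list = field(default_factory=list)     # allowed NAS addresses


def _in_any(addr, nets):
    # Assumption: an empty list means the restriction is not configured.
    ip = ip_address(addr)
    return not nets or any(ip.version == n.version and ip in n for n in nets)


def access_allowed(rule, client_ip, nas_ip, today):
    """Return (allowed, reason) for one login attempt."""
    if rule.valid_from and today < rule.valid_from:
        return False, "before access begin date"
    if rule.valid_until and today > rule.valid_until:
        return False, "after access end date"
    if not _in_any(client_ip, rule.client_nets):
        return False, "client address not in allowed list"
    if not _in_any(nas_ip, rule.nas_nets):
        return False, "NAS address not in allowed list"
    return True, "ok"


# Constructed sample rule using documentation address ranges.
RULE = AccessRule(date(2018, 11, 1), date(2018, 12, 31),
                  parse_entries("192.0.2.0/24, 198.51.100.7/32"),
                  parse_entries("203.0.113.0/28"))
```

Running the entries you plan to type through `parse_entries` first catches a missing prefix or a host address entered with a network prefix before the configuration is applied.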

Extra Options Tab


Table Fields Overview
Field Description

Default login clone; if empty, that option will not appear in the configuration.

Some devices require PAP authentication, e.g. Nexus, PaloAlto and so on. The PAP password can be stored in clear text (0), as an md5 hash (1) or as a clone of the login password (4).

Default empty; if empty, that option will not appear in the configuration.

CHAP authentication password. Can be stored only in clear text.

Default empty; if empty, that option will not appear in the configuration.

MS-CHAP authentication password. Can be stored only in clear text.

OTP Tab (One-Time Password)

Info!

That tab is available only when you edit a user.

SMS Tab

Info!

That tab is available only when you edit a user.

Manual Tab

Here you can define manual settings for the new user. You can find more info here.


Don't Forget to Apply the configuration!

Changes will take effect only after configuration apply!

Author: Alexey Mochalin; Created at: 2018-11-01 22:39:11; Updated at: 2018-11-08 10:41:04