Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Navigation  Back up to About Overview 
ContentIndex
  
[+] Expand All
[-] Collapse All

 A  B  C  D  E  F  G  H  I  L  M  N  O  P  R  S  T  U  V  W

 

A

access control lists    
adding, MySQL database
displaying, MySQL database
removing, MySQL database
access security    
CTPView server, managing
accounts    
creating CTPView server nonroot
default CTPOS
default CTPView server
address filter, IP     See IP access filter    
Admin Center    
accessing
groups    
adding
deleting
modifying affiliation
modifying properties
monitoring
passwords    
changing requirements
excluding from use
limiting use
managing user
reinstating excluded
users    
adding
automatic logout
counters
deleting active
deleting inactive
deleting prohibited
displaying prohibited
IP access filters, creating
IP access filters, removing
locked-out IP addresses
lockout period
logging out selected
login attempts
login properties
managing access
modifying properties
monitoring
prohibiting
reinstating prohibited
administrative passwords    
changing
administrative settings    
configuring
Apache daemon    
restarting    12
archive file    
complete, upgrading CTPView software with
web, upgrading CTPView software with
authentication    
CTPView software users with Steel-Belted RADIUS
 

B

bandwidth throttling
banner    
CTPView start-up (log-in)
setting    
CTPView server menu
BIOS menu    
changing the password    12
booting CTPView server from CD
browser    
logging in
restarting Apache daemon on CTPView server
restoring access
 

C

Circuit to Packet network    
clock options
overview
receive packet processing
serial stream processing
software overview
transmit packet processing
clock options
CompactFlash card    
burning a CTPOS image to
changing read/write state
configuration settings    
restoring (CTPView server menu)    12
saving CTPView software    12
configuration, server    
restoring overview (CTPView GUI)    12
CTP devices    
unlocking user accounts with expired passwords    12
CTP platforms    
adding and removing
adding comments to monitoring status
automatically collecting statistical data
changing display settings for network monitoring
checking connections to the CTPView server
displaying network statistics
displaying reports
displaying runtime query results
host groups, adding and removing
managing    
monitoring
manually overriding monitoring status
monitoring (CTPView GUI)
passwords    
changing user
port forwarding    
clearing open sockets
configuring the platform
configuring the server
restoring configuration
saving configuration automatically
setting audible status alert
SNMP communities, adding and removing
SSH connections    
clearing open sockets
configuring the platform
configuring the server
understanding network reports
updating CTPOS
CTPOS    
burn CTPOS flash image    12
burning image to a CompactFlash card
default accounts and passwords
updating
upgrade files
CTPView    
menu, accessing
TACACS+, configuring
TACACS+, query
TACACS+, settings
CTPView Admin Center     See Admin Center    
CTPView GUI    
adding comments to platform monitoring status
Admin Center, accessing
automatically removing outdated files
automatically synchronizing servers
bandwidth throttling
browser settings
browser, logging in
changing default user password
checking network connections
configuring automatic functions
creating more server disk space
CTP platform reports
display settings
display settings help
displaying platform and port runtime query results
email notifications
Global_Admin account, creating
groups    
adding
deleting
modifying affiliation
modifying properties
monitoring
host groups, adding and removing
managing users and groups
manually overriding platform monitoring status
monitoring the CTP platform network
network monitoring display settings
network reports    1
field descriptions
network statistics
NTP servers, managing
passwords    
changing requirements
excluding from use
limiting user
managing user
reinstating excluded
platforms, adding and removing
port forwarding, managing
restoring configuration    
CTP platform
CTPView server, by synchronizing servers    12
restoring server configuration    
overview    12
saving configuration    
CTP platform
server clock, setting
setting audible platform status alert
SNMP communities, adding and removing
start-up (log-in) banner
support for tabbed or nontabbed browsers
synchronizing servers    
automatically
manually
network configuration
overview
user properties, modifying
users    
adding
automatic logout
counters
deleting active
deleting inactive
deleting prohibited
displaying prohibited
IP access filters, creating
IP address access filters, removing
locked-out IP addresses
lockout period
logging out selected
login attempts
login properties
managing access
monitoring
prohibiting
reinstating prohibited
validating server configuration    12
verifying server OS installation
CTPView server    
access security, managing    12
account    
creating nonroot
acquiring shell access
booting from CD
clock, setting
configuring guidelines on a virtual machine
configuring on a Hyper-V server
configuring on an ESXi server
creating disk space    
CTPView GUI
data file permissions, resetting
default accounts and passwords
determining free disk space
disk space, creating    
CTPView server menu    12
firewall defaults, restoring
installation log
installing OS (CTPView server CLI)
installing the software overview
log-in banner, setting
logging level, setting
logs, managing
MySQL server, restarting
network access, configuring
on a Hyper-V server
on a Hyper-V server, overview
on a virtual machine, overview
on an ESXi server
on an ESXi server, overview
password    
creating nonroot
setting new nonroot
setting new root
password requirements    12
port forwarding, configuring
preparing a new
restoring browser access
restoring configuration by synchronizing servers    12
restoring configuration overview    
CTPView GUI    12
restoring configuration settings    
CTPView server menu    12
restoring shell access
software installation and upgrade    
overview
start-up (log-in) banner
synchronizing to restore configuration    12
system administrator account, resetting
system file defaults, restoring
TACACS+ settings
TACACS+, configuring
third-party software on
upgrade files
upgrading the software overview
user passwords, managing
users, managing shell account
validating configuration    12
verifying OS installation
web certificate, creating
CTPView server CLI    
BIOS menu password    12
burning CTPOS image to a CompactFlash card
changing default user password
changing root account password    12
installing server OS
reviewing the installation log
CTPView server menu    
access security, managing
accessing
creating more server disk space    12
GRUB boot loader password    12
log-in banner, setting
logging level, setting
logs, managing
MySQL Apache account password    12
MySQL IP access lists
MySQL root account password    12
MySQL server, restarting
network access, configuring
OpenSSL authenticaton, creating and self-signing web certificate
port forwarding, managing
restoring server configuration settings    12
saving CTPView configuration settings    12
TACACS+, configuring
user passwords, managing
users, managing shell account
web certificate, creating
CTPView server OS    
software installation and upgrade    
overview
tasks
verifying installation
CTPView server, OpenSSL    
web certificate, creating
CTPView software    
configuring administrative settings
saving configuration settings    12
updating CTPOS
upgrade files
upgrading    
overview
with complete archive file
with web archive file
user security levels
 

D

data file permissions    
CTPView server, resetting
 

E

email notifications    
configuring
ESXi server    
configuring CTPView server
configuring guidelines CTPView server
overview of CTPView server on
 

F

files    
removing (CTPView GUI)
removing (CTPView server menu)    12
firewall    
CTPView server defaults, restoring
 

G

Global_Admin account    
creating CTPView GUI
groups, user    
adding
deleting
managing
modifying affiliation
modifying properties
monitoring
GRUB boot loader    
changing the password    12
 

H

host groups    
adding and removing
Hyper-V server    
configuring CTPView server
configuring guidelines CTPView server
overview of CTPView server on
 

I

installation    
reviewing log for errors
software overview
IP access filter
IP address filter     See IP access filter    
 

L

limiting CTP network bandwidth
log-in banner    
configuring
setting    
CTPView server menu
logging level    
CTPView server, setting
login security    
CTPView software
logs    
managing CTPView server
 

M

menu    
accessing CTPView server
MySQL database    
automatically backing up
changing the Apache account password    12
changing the root account password    12
configuring IP access control lists
MySQL server    
restarting
 

N

native authentication with Steel-Belted RADIUS
network access    
configuring server
network reports    
displaying CTP platform
understanding CTP platform
nonroot account    
creating
nonroot passwords    
creating
setting new
NTP servers    
managing
 

O

OpenSSL authentication    
web certificate, creating
OS, CTPView server    
installing (CTPView server CLI)
software installation and upgrade    
overview
tasks
verifying installation on server
outdated files    
automatically removing
removing (CTPView GUI)
removing (CTPView server menu)    12
overview    
Circuit to Packet network
CTP network software
restoring configuration    12
restoring server configuration    
CTPView GUI    12
software installation and upgrade    
CTPView server
synchronizing servers (CTPView)    
CTPView GUI
 

P

passwords    
BIOS menu changing    12
changing administrative
changing requirements
CTP platform user    
changing
CTPOS    
default
CTPView GUI    
changing default
CTPView server    
changing default
changing root    12
creating nonroot
default
recovering lost
requirements    12
setting new nonroot
setting new root
excluding from use
expiration of user
Global_Admin account
GRUB boot loader changing    12
limiting use
managing user
MySQL database changing    1234
reinstating excluded
requirements of user
port forwarding    
configuring on CTP platforms
configuring on the CTPView server
 

R

receive packet processing
redundant files    
removing (CTPView GUI)
removing (CTPView server menu)    12
remote host     See CTP platforms    
root passwords    
setting new CTPView server
RSA SecurID authentication with Steel-Belted RADIUS
 

S

security levels    
user
serial stream processing
setting user password    
resetting password
shell access to CTPView server    
acquiring
restoring
SNMP communities     See adding and removing    
software    
installation and upgrade    
CTPView server OS tasks
CTPView server overview
network management only
upgrade files
SSH    
connections to CTP platforms    
configuring on the platform
persistent connections to CTP platforms    
configuring on the server
start-up banner    
configuring
setting    
CTPView server menu
Steel-Belted RADIUS    
authentication for CTPView software users
synchronization of CTPView servers    
automatic method
configuring the synchronization network
manual method
overview
to restore configuration    12
system administrator account    
CTPView server, resetting
system file    
CTPView server defaults, restoring
 

T

third-party software    
using on the CTPView server
transmit packet processing
troubleshooting    
installation issues
two factor authentication with Steel-Belted RADIUS
 

U

upgrade    
CTPView Network Management Software
software overview
user accounts, unlocking    
expired passwords    12
user groups     See groups, user    
user passwords    
changing CTP platform
changing CTPView GUI default
changing server’s default
changing server’s root    12
expiration
requirements
users    
adding
authentication with Steel-Belted RADIUS
automatic logout
counters
deleting active
deleting inactive
deleting prohibited
displaying prohibited
IP access filters    
creating
removing
locked-out IP addresses
lockout period
logging out selected
login attempts
login properties
managing
managing access
managing passwords
modifying properties
monitoring
password requirements    12
prohibiting
reinstating prohibited
security levels    12
shell account, classification
shell account, managing
 

V

virtual machine    
CTPView server, configuring guidelines
CTPView server, overview
 

W

web certificate    
creating

Related Documentation

  • Configuring the TACACS+ Server

Configuring CTPOS and CTPView User Authentication with TACACS+

The TACACS+ protocol provides access control (authentication, authorization, and accounting services) for routers and network access servers through one or more centralized TACACS+ servers. Unlike RADIUS, TACACS+ provides separate handling of authentication, authorization, and accounting services. CTPOS and CTPView use only authentication and authorization services, and do not use the accounting service.

CTP devices act as TACACS+ clients, which send request for authentication and authorization from the centralized TACACS+ servers that have separate user databases for CTPOS CLI users, CTPView CLI users, and CTPView Web UI users.

TACACS+ is supported only on CTPOS Release 6.4 and later and CTPView Release 4.4 and later. In earlier releases, RADIUS is used for remote authentication and authorization. Effective from CTPOS Release 6.4 and CTPView Release 4.4, both RADIUS and TACACS+ are supported.

CTP uses TACACS+ authentication to authenticate users based on the login credentials that are configured on the centralized TACACS+ servers and provides the privileges to the TACACS+ clients. The user is logged in to the device with the privileges that TACACS+ server returns after successful authentication and authorization.

Configuring TACACS+ Settings from the CTPView Server

You can configure TACACS+ for CTPView CLI and CTPView HTTPS users only from CTPView menu. You cannot enable both RADIUS and TACACS+ at the same time. You can enable TACACS+ only after disabling RADIUS.

To configure TACACS+ settings on the CTPView server:

  1. From the AAA Menu, select 2) SSH(2nd) - RADIUS/RSA > 2) TACACS+.

    The current status of TACACS+ is displayed.

    Currently, SSH – TACACS+ is set to Disabled.
    
    Please choose a menu item from the following list:
    0) Return to previous menu
    1) Enable
    2) Disable
    Enter your selection for SSH – TACACS+
    Please input an integer between 0 and 2 [0]:
  2. Select 1) Enable to enable TACACS+.
    Please choose a menu item from the following list:
    0) Return to previous menu
    1) RADIUS/RSA: Disabled
    2) TACACS+: Enabled
    Please input your choice [0]:
  3. Return to the AAA Menu, and select 9) TACACS+ Configuration > 1) Servers to configure the TACACS+ servers.
  4. Follow the onscreen instructions and configure the parameters as described in
    Table 26.

    Table 26: TACACS+ Settings for CTPView Server

    Field

    Function

    Your Action

    Servers

    You can configure up to 10 TACACS+ servers each for CTPOS and CTPView users for authentication and authorization.

    The CTP device tries to authenticate the user from the first server in the list. If the first server is unavailable or fails to authenticate, then it tries to authenticate from the second server in the list, and so on.

    Authorization is done on the server that successfully authenticates the user.

    Enter the IP address of the server and specify the shared secret.

    Shared secret is the secret key used to encrypt and decrypt packets that are sent and received from the server. The same secret key is used to encrypt and decrypt packets that are sent to and received from the TACACS+ clients.

    Destination Port

    TACACS+ uses the TCP port for sending and receiving data.

    Port 49 is reserved for TACACS+ and is the default port.

    Enter the destination port number.

    Timeout

    Time in seconds that the TACACS+ client should wait for a response from the TACACS+ server after sending the authentication and authorization request. Timeout value applies to all the TACACS+ servers that are configured.

    The default timeout value is 5 seconds.

    Specify a value in the range 1–60.

    Off-Line-Failover

    You can use the local authentication credentials if the configured TACACS+ servers are unavailable or no response is received from the TACACS+ servers.

    The default option is Allowed to Loc Acct.

    Select one.

    • Not Allowed
    • Allowed to Loc Acct

    Reject-Failover

    You can use the local authentication credentials if the TACACS+ server rejects the attempt to authenticate.

    The default option is Allowed to Loc Acct.

    Select one.

    • Not Allowed
    • Allowed to Loc Acct
  5. From the TACACS+ Menu, select 6) Initialize Web UI Template Accounts.
  6. Enter the MySQL administrator account password when prompted.

    The required template accounts are added to CTPView. These accounts are not configurable. This step is performed as part of the initial configuration of CTPView as a TACACS+ client. However, repeating this step has no detrimental effect on the TACACS+ configuration.

Configuring TACACS+ Settings from the CTPView Web Interface

You can configure TACACS+ for CTPOS users from the CTPView web interface.

To configure TACACS+ from the CTPView web interface:

  1. In the side pane, select System > Configuration.
  2. Click Node Settings > TACACS+ Settings tab.

    The TACACS+ Settings page is displayed.

  3. Configure the parameters described in Table 27 and click Submit Settings.
  4. (Optional) Click System > Query > Node Settings to verify the TACACS+ configuration details.

    Table 27: TACACS+ Settings for the CTPView Web Interface

    Field

    Function

    Your Action

    Status

    Specifies whether TACACS+ is enabled or disabled.

    TACACS+ is disabled by default.

    Select one.

    • Enabled
    • Disabled

    Dest Port

    TACACS+ uses the TCP port for sending and receiving data.

    Port 49 is reserved for TACACS+ and is the default port.

    Enter the destination port number.

    Timeout

    Time in seconds that the TACACS+ client should wait for a response from the TACACS+ server after sending the authentication and authorization request. Timeout value applies to all the TACACS+ servers that are configured.

    The default timeout value is 5 seconds.

    Specify a value.

    Off-Line-Failover

    You can use the local authentication credentials if the configured TACACS+ servers are unavailable or no response is received from the TACACS+ servers.

    The default option is Allowed to Loc Acct.

    Select one.

    • Not Allowed
    • Allowed to Loc Acct

    Reject-Failover

    You can use the local authentication credentials if the TACACS+ server rejects the attempt to authenticate.

    The default option is Allowed to Loc Acct.

    Select one.

    • Not Allowed
    • Allowed to Loc Acct

    Servers

    You can configure up to 10 TACACS+ servers each for CTPOS and CTPView users for authentication and authorization.

    CTP tries to authenticate the user from the first server in the list. If the first server is unavailable or fails to authenticate, then it tries to authenticate from the second server in the list, and so on.

    Authorization is done on the server that successfully authenticates the user.

    Enter the IP address of the server, and specify a shared secret.

    Shared Secret

    Shared secret is the secret key that TACACS+ servers use to encrypt and decrypt packets that are sent and received from the server. TACACS+ clients use the same secret key to encrypt and decrypt packets.

    Specify the shared secret.

Related Documentation

  • Configuring the TACACS+ Server

Modified: 2016-02-04