6 TACACS+ Access Manager

this section describes how to configure single connect and devices to use the radius/tacacs+ aaa service through single connect adding a new element type 1 log in to single connect 2\ navigate to device management > element type 3\ type in the element type id and element type name 4\ save adding a new device group 1\ log in to single connect 2\ navigate to device management > device group 3\ type in device group name and description 4\ select the parent device group (optional) 5\ save adding device group properties 1\ log in to single connect 2\ navigate to device management > device group 3\ right click the selected group 4\ click the “show properties” button 5\ set radius/tacacs+ secret as “globalsecretkey” 6\ save adding common enable password bot/script user groups need to use a common password for enable password in scripts the "globalenabledpassword" property allows to set a common password for a device group to be used when prompted for enable password 1\ log in to single connect 2\ navigate to device management > device group 3\ right click the selected group 4\ click the “show properties” button 5\ set common enable password as “globalenablepassword” 6\ save adding a subnet 1\ log in to the single connect web gui 2\ navigate to device management > device groups 3\ right click on the device group to be discovered and select “add/edit subnet” 4\ set subnet information adding devices with ip regex 1\ log in to the single connect web gui 2\ navigate to device management > device groups 3\ right click on the device group to be discovered and select add/edit ip regex pattern 4\ set allowed/denied ip regex adding a new device 1\ log in to single connect 2\ navigate to device management > device inventory 3\ go to the “new device discovery” tab 4\ type device ip address 5\ select access protocol sshv2 can be selected to add devices which use radius/tacacs+ server for aaa the default port number can be used, or an admin can define the port number 6\ select the element type and the device group to be assigned 7\ click “discover and add” adding a device realm 1\ log in to single connect 2\ navigate to device management > device group 3\ open the "device group realms" tab 4\ type in the device realm name and select the device group(s) 5\ save adding radius/tacacs+ attribute 1\ log in to single connect 2\ navigate to policy control > session policy 3\ type in key (text before the first space is considered as attribute key text between the first and second space is considered as an operand text after the second space is considered as the attribute value ) and description 4\ select “radius/tacacs+ attribute” as the type 5\ select element types to add the attribute 6\ save example cisco ios example avps cisco avpair = shell\ priv lvl=1 service type = nas prompt user adding radius/tacacs+ policy key 1\ log in to single connect 2\ navigate to policy control > session policy 3\ open the "policy" tab 4\ type in the policy name and description 5\ select the "operation" as operation mode 6\ select the policy key(s) to apply 7\ save adding a policy realm 1\ log in to single connect 2\ navigate to policy control > session policy 3\ open the "policy realm" tab 4\ type in realm name and description 5\ select the policy key group(s) and the device realm(s) 6\ save mscahpv2 radius configuration please ask consultation from kron technical support epdestek\@kron com tr single connect server configurations please ask consultation from kron technical support https //sc support\@kron com epdestek\@kron com tr single connect gui configurations single connect admin should follow the steps below 1\ log in to the single connect web gui 2\ create a user and user group (see also managing user and managing user group sections in admin guide) 3\ create a device group and add the new device to device group (see also managing devices) 4\ create a device group realm with the user group defined at step 2 and the device group defined at step 3 (see also managing devices) 5\ define the authenticating secret key as, “globalsecretkey” in the device group properties (see also adding device group properties in managing devices) 6\ navigate to administration > radius 802 1x config 7\ choose an eap type (for now only peap is available as an eap type ) 8\ fill in the certificate authority pem, certificate private key pem and certificate private key password fields (it is not necessary for the information to be correct) 9\ tick the “add sc server to active directory” and fill in the necessary fields