Avaya Inc. – External Distribution
avaya.com
March 2015
5.3.3 IDE Configuration
If we are using Identity Engines Ignition Server as the TACACS+ server, follow the configuration
steps below, assuming we wish to add the following users:
User Name = user1
  o Privilege Level = 1
  o Read-only access
User Name = user6
  o Privilege Level = 6
  o Read-write-all access

IDE Step 1 – Go to Configuration -> <Site name> -> Services ->
Ensure that is enabled, if not, click the Edit box and enable . The default port, TCP 49, should be left as-is.

IDE Step 2 – Add Users by going to Configuration -> Site Configuration -> Directories -> Internal Store -> Internal Users and click on New
Enter the user name of user1 for read-only-access via User Name: and enter the password for this user via Password and Confirm Password. Click on OK when done. If you wish, you can also change the expiry date via Password Expires if you do not wish to use the default setting of one year.
Repeat again by clicking on New to add user6.

IDE Step 3 – Add a new policy by going to Configuration -> Site Configuration -> Access Policies -> Right-click and select New Access Policy…
Via the New Access Policy pop-up window, enter a policy name, e.g. VSP Policy as used in this example.

IDE Step 4 – Go to Configuration -> Site Configuration -> Access Policies -> -> VSP Policy (name we configured in Step 3 above)
Go to the Authorization Policy tab and click on Edit.
  o Once the Edit Authorization Policy window pops up, click on Add in the Rules window. Add two Rules simply named level1 and level6
  o For the rule named level1, click on New to add a new constraint. From Attribute Category, select User and scroll down and select user-id. Select Equal To with Format of None, check Static Value, and enter the read-only-access user id of user1. Click on OK when done. Via Action, select Allow. Click on the Session Values tab, check off Privilege Level and enter 1.