Mushroom Networks Documentation

TACACS support on Mushroom from 1.19.1

TACACS uses a client-server model approach. So you would need a server where it can authorize/authenticate the requests from the client (Mushroom).

Steps to configure the server on a Linux machine:

  1. Firstly, you need to install the TACACS+ server on your machine. You can install wiith the command apt-get install tacacs+
  2. Now navigate to the file, /etc/tacacs+/tac_plus.conf. The following are the minimum changes required in the tac_plus.conf file.
    • You need to set a path to log the accounting data. You can also leave the default path as it is, if you don’t need to change.
    • Then you need to provide the secret key that you would be soon configuring on Mushroom’s UI.
      • Make sure that the secret key should match exactly on both Mushroom and the server config.
      • Also note that no whitespaces can be used in the secret key.
    • Then you have to edit the user section in the file, with your username (name_admin), password (pass_admin) and the service (raccess).
      • Make sure all these fields match exactly with those that you configure on the Mushroom’s UI.
      • You can use spaces in setting up your password, but you would need to uses double quotation marks (” “) to achieve this.
    • You can also add another user as shown in the screenshot, if you’ve multiple users setup on Mushroom.

Following screenshot is example configuration that you can use to setup your TACACS+ server.

Steps to configure the client on Mushroom device:

  1. Make sure that you device is in experimental mode.
  2. Navigate to the ‘ADMIN’ tab and click add in the ‘Web Users’ section.
  3. Choose the type as ‘Tacacs Web User Settings’. Create your username, password and click apply. Note that the ‘Admin’ status would be ‘True’ by default.
    • Only an Admin user will be having the authorization to change/edit settings on the Mushroom. If you’d wish to change the authorization to ‘read-only’ you can set the ‘Admin’ status as false.
    • Note: It is mandatory to create atleast one user with ‘Admin’ status as ‘True’.
  4. Now click on ‘authentication’ in the ‘Web Authentication Settings’ section. Choose the type as ‘Tacacs Web Authentication Settings’. 
    • Type – TACACS Web Authentication Settings.
    • Servers – Tacacs server IP, that you configured earlier with Tacacs server.
    • Secret – Enter the secret key (same as the one configured on Tacacs server, with no spaces)
    • Login – Choose the default login type as ‘Login’
    • Service – Enter the service name (same as the one configured on Tacacs server)
    • Protocol – Specify the protocol as ‘http’
    • Note: As soon as you click apply, you will be prompted to enter the login credentials that you’ve just created. When prompted, you would need to provide the username & the password (that you’ve created on your server). So make sure you know/entered the correct credentials in the ‘Tacacs Web User Settings’ & the Tacacs server.
  5. Note: We also recommend you to take a backup of you current config, just in case you get locked out of your device.
  6. If by any chance you get locked out of the Mushroom and not able to login back into the device, you can disable the authentication from the Mushroom’s CLI interface. Once you are on CLI interface, you can use the following commands to disable/edit the authentication:
    • Disable Authentication:
      change admin/authentication DisabledWebAuthentication:
    • Change to Basic Web authentication
      change admin/authentication BasicWebAuthentication:

© 2004 – 2024 Mushroom Networks Inc. All rights reserved.

Let’s chat. Call us at +1 (858) 452-1031 or fill the form: