Configuring TACACS+ Authentication

1. Log in to the System Management page.

2. On the System Management page, click User Accounts > External Authentication.

3. Click the icon and select Add TACACS+ Authentication from the drop-down list.

1) Enter a unique name to identify the TACACS+ server and a brief description.

2) Enter the credentials to connect to the TACACS+ server. See TACACS+ Server Settings for more details.

3) Assign domain access permissions and additional privileges to the users on the TACACS+ server.

Tenant Access — select one or more tenants to assign the access permissions to all users on the TACACS+ server.

Tip: The accessible tenants can be modified on the Users tab after the users are synchronized.

Domain Access — select one or more domains under an accessible tenant to assign the access permissions to all users on the TACACS+ server.

Role — click Assign Roles to assign more domain privileges to all users by role on the TACACS+ server. See Share Policy for more details.

Tip: If none of the built-in roles meets your requirements, click Add Role to create one. See Adding a role for more details.

4) To apply the privilege settings to all existing users on the TACACS+ server, click Apply this setting to existing users. Click Yes in the Confirmation dialog box.

5) Click Save to commit the settings.

6) In the pop-up dialog, enter the username and password of any existing user on the TACACS+ server and click Verify to authenticate the connection.

7) Click OK in the pop-up dialog box.

8) By default, the authentication configuration is enabled. To disable it, clear the Enable check box on the External Authentication tab.

After the connection is successfully verified, the users on the TACACS+ server can immediately log in to the corresponding domains with the assigned roles and privileges. They are synchronized under the Users tab after they log in.

TACACS+ Server Settings

The following table lists the credentials that are required when connecting to a TACACS+ server.

| Field | Description |
| --- | --- |
| Primary Server IP | The IP address of the primary TACACS+ server. |
| Secondary Server IP | The IP address of a backup TACACS+ server. It is used when the primary TACACS+ server is unavailable. If you do not have a backup server, leave this field empty. |
| Server Port | The port number used to listen for TACACS+ authentication requests and send responses. Make sure it is consistent with the port number you have configured on the TACACS+ server. |
| Secret Key | The password used to access the TACACS+ server. Make sure it is consistent with the key that you have configured on the TACACS+ server. |
| Login Mode | The authentication method used to encrypt the connections to the TACACS+ server. Four login modes are supported: Standard ASCII, PAP, CHAP, and MS-CHAP. Make sure it is consistent with the authentication method you have configured on the TACACS+ server. |
| Authentication Timeout | The time interval between sending the authentication password and receiving an authentication response from the TACACS+ server. When the authentication time exceeds this threshold, the attempt is treated as an authentication timeout and an error message is displayed. |
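
How the Secret Key and Login Mode settings act on the wire, shown as an added example that is not part of the original documentation or the product's code: the sketch follows the packet header, Authentication START body and MD5 pad defined in RFC 8907 for a PAP login. The user name, password, key and session ID are constructed sample values, and the function names are illustrative.

```python
import hashlib
import struct

# RFC 8907 authen_type values: ASCII=1, PAP=2, CHAP=3, MS-CHAP=5.
# Only the PAP login mode is built out in this sketch.
AUTHEN_TYPE_PAP = 2
VERSION_PAP = 0xC1          # major version 0xC, minor version 1 (PAP/CHAP/MS-CHAP)

def pseudo_pad(session_id, key, version, seq_no, length):
    """MD5 chain: MD5(session_id, key, version, seq_no[, previous digest])."""
    seed = struct.pack("!I", session_id) + key + bytes([version, seq_no])
    pad, prev = b"", b""
    while len(pad) < length:
        prev = hashlib.md5(seed + prev).digest()
        pad += prev
    return pad[:length]

def obfuscate(body, session_id, key, version, seq_no):
    """XOR the body with the pad; applying it twice restores the body."""
    pad = pseudo_pad(session_id, key, version, seq_no, len(body))
    return bytes(b ^ p for b, p in zip(body, pad))

def pap_start(user, password):
    """Authentication START body: action=LOGIN, priv_lvl=1, service=LOGIN."""
    fixed = bytes([1, 1, AUTHEN_TYPE_PAP, 1, len(user), 0, 0, len(password)])
    return fixed + user + password   # port and rem_addr left empty

def build_packet(body, session_id, key):
    """12-byte header (type=authentication, seq_no=1, flags=0) + obfuscated body."""
    header = struct.pack("!BBBBII", VERSION_PAP, 1, 1, 0, session_id, len(body))
    return header + obfuscate(body, session_id, key, VERSION_PAP, 1)

def read_packet(packet, key):
    """What the server recovers from the wire bytes with its own configured key."""
    version, _, seq_no, _, session_id, length = struct.unpack("!BBBBII", packet[:12])
    return obfuscate(packet[12:12 + length], session_id, key, version, seq_no)

if __name__ == "__main__":
    # Constructed sample values, not taken from any real deployment.
    body = pap_start(b"alice", b"example-password")
    pkt = build_packet(body, 0x1234ABCD, b"example-secret-key")
    print("wire bytes:    ", pkt.hex())
    print("matching key:  ", read_packet(pkt, b"example-secret-key"))
    print("mismatched key:", read_packet(pkt, b"wrong-key"))
```

The key itself is never transmitted; it only seeds the pad, so a server configured with a different key recovers unreadable bytes instead of the user name and password.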