TACACS+ provides detailed accounting information and flexible administrative control over the authentication and authorization processes.

1.Log in to System Management page.

2.In the System Management page, click User Accounts > External Authentication.

3. Select the Enable External Authentication check box to enable external authentication and click TACACS+.

4.Configure the following credentials to connect to the TACACS+ server.

Primary Server IP - the IP address of the primary TACACS+ server.

Secondary Server IP - the IP address of a backup TACACS+ server. It is used when the primary TACACS+ server is unavailable. If you do not have the backup server, leave this field empty.

Server Port - the port number used to listen for TACACS+ authentication requests and send responses. Make sure it is consistent with the port number you have configured in the TACACS+ server.

Secret Key - the password used to access the TACACS+ server. Make sure it is consistent with the key that you have configured in the TACACS+ server.

Login Mode - the authentication method used to encrypt the connections to the TACACS+ server. Four types of login modes are supported: Standard ASCII, PAP, CHAP, and MS-CHAP. Make sure it is consistent with the authentication method you have configured in the TACACS+ server.

Authentication Timeout - the time interval between sending authentication password and getting authentication response from the TACACS+ server. When the authentication time exceeds the threshold, it will be treated as authentication timeout and an error message will be displayed.

5.Assign domain access permissions and more privileges to the users in the TACACS+ server.

Tenant Access - select one or more tenants to assign the access permissions to all users in the TACACS+ server.

Tip: The accessible tenants can be modified in the Users tab after the users are synchronized.

Domain Access - select one or more domains under an accessible tenant to assign the access permissions to all users in the TACACS+ server.

Role - click Assign Roles to assign more domain privileges to all users in the TACACS+ server by role. See Share Policy for more details.

6.Click Save to commit the settings.

7.In the pop-up dialog box, enter the user name and password of any existing users in the TACACS+ server and click Verify to authenticate the connection.

After the connection is successfully verified, the users in the TACACS+ server can log in to the corresponding domains with the assigned roles and privileges immediately and they will be synchronized in the Users tab after the login.