TACACS+ provides detailed accounting information and flexible administrative control over the authentication and authorization processes.
2.In the System Management page, click User Accounts > External Authentication.
3. Select the Enable External Authentication check box to enable external authentication and click TACACS+.
4.Configure the following credentials to connect to the TACACS+ server.
▪Primary Server IP — the IP address of the primary TACACS+ server.
▪Secondary Server IP — the IP address of a backup TACACS+ server. It is used when the primary TACACS+ server is unavailable. If you do not have the backup server, leave this field empty.
▪Server Port — the port number used to listen for TACACS+ authentication requests and send responses. Make sure it is consistent with the port number you have configured in the TACACS+ server.
▪Secret Key — the password used to access the TACACS+ server. Make sure it is consistent with the key that you have configured in the TACACS+ server.
▪Login Mode — the authentication method used to encrypt the connections to the TACACS+ server. Four types of login modes are supported: Standard ASCII, PAP, CHAP, and MS-CHAP. Make sure it is consistent with the authentication method you have configured in the TACACS+ server.
▪Authentication Timeout — the time interval between sending authentication password and getting authentication response from the TACACS+ server. When the authentication time exceeds the threshold, it will be treated as authentication timeout and an error message will be displayed.
▪Tenant Access — select one or more tenants to assign the access permissions to all users in the TACACS+ server.
▪Domain Access — select one or more domains under an accessible tenant to assign the access permissions to all users in the TACACS+ server.
▪Role — click Assign Roles to assign more domain privileges to all users in the TACACS+ server by role. See Share Policy for more details.
6.Click Save to commit the settings.
7.In the pop-up dialog box, enter the user name and password of any existing users in the TACACS+ server and click Verify to authenticate the connection.
After the connection is successfully verified, the users in the TACACS+ server can log in to the corresponding domains with the assigned roles and privileges immediately and they will be synchronized in the Users tab after the login.