[Contents] [Prev] [Next] [Index] [Report an Error]

Setting Up TACACS+ Authentication

To use TACACS+ authentication, you must configure at least one TACACS+ server.

The procedure provided in this section identifies the TACACS+ server, specifies the secret (password) of the TACACS+ server, and sets the source address of the Services Router's TACACS+ requests to the loopback address of the router. This procedure uses the following sample values:

The TACACS+ server's IP address is 172.16.98.24.
The TACACS+ server's secret is Tacacssecret1.
The loopback address of the router is 10.0.0.1.

To configure TACACS+ authentication:

Navigate to the top of the configuration hierarchy in either the J-Web or CLI configuration editor.
Perform the configuration tasks described in Table 14.
If you are finished configuring the network, commit the configuration.
To completely set up TACACS+ authentication, you must create user template accounts and specify a system authentication order.
Go on to one of the following procedures:
- To specify a system authentication order, see Configuring Authentication Order.
- To configure a remote user template account, see Creating a Remote Template Account.
- To configure local user template accounts, see Creating a Local Template Account.

Table 14: Setting Up TACACS+ Authentication

Task	J-Web Configuration Editor	CLI Configuration Editor
Navigate to the System level in the configuration hierarchy.	In the configuration editor hierarchy, select System.	From the top of the configuration hierarchy enter edit system
Add a new TACACS+ server	In the Tacplus server box, click Add new entry. In the Address box, type the IP address of the TACACS+ server: 172.16.98.24	Set the IP address of the TACACS+ server: set tacplus-server address 172.16.98.24
Specify the shared secret (password) of the TACACS+ server. The secret is stored as an encrypted value in the configuration database.	In the Secret box, type the shared secret of the TACACS+ server: Tacacssecret1	Set the shared secret of the TACACS+ server: set tacplus-server 172.16.98.24 secret Tacacssecret1
Specify the source address to be included in the TACACS+ server requests by the router. In most cases, you can use the loopback address of the router.	In the Source address box, type the loopback address of the router: 10.0.0.1	Set the router's loopback address as the source address: set tacplus-server 172.16.98.24 source-address 10.0.0.1

[Contents] [Prev] [Next] [Index] [Report an Error]