Configure TACACS+ authentication. See tacacs-server for CLI details.
|
•
|
Key—A shared secret text string. If no key is set, the user is prompted for the key.
|
|
•
|
|
•
|
Retransmit—The number of times the client attempts to authenticate with any TACACS+ server. Range is 0-5, default is 1.
|
|
•
|
Server—The configured IP address for this TACACS+ server.
|
|
•
|
Auth-Port—The configured port for authentication requests to this server.
|
|
•
|
Auth-Type—The configured type of authentication this TACACS+ server will use.
|
|
•
|
Key— The configured shared secret text string. If empty, the user is prompted for the key.
|
|
•
|
Timeout—The configured timeout for retransmitting a request.
|
|
•
|
Retransmit—The configured number of times a client may attempt to authenticate.
|
|
•
|
Enabled—Whether or not this TACACS+ server is enabled. Disabling a server makes it inactive but does not delete it from the system.
|
Add a new TACACS+ server, see Figure 34, next; you need this information:
|
•
|
Enabled—The server must be enabled to do authentication.
|
|
•
|
Server IP—IP address for the server.
|
|
•
|
Auth Port—The port authentication requests should come in on; default is 49. You can use the same IP address in more than one host as long as the auth-port is different.
|
|
•
|
Auth Type—Which type of authentication this TACACS+ server will use; both authentication types transmit the username and password in un-encrypted text and are acceptable when passwords are stored in an external database. Choose either:
|
|
•
|
ascii—American Standard Code for Information Interchange.
|
|
•
|
pap—Password authentication protocol (default).
|
To override defaults for a new TACACS+ server, you can also specify different Key, Timeout, and Retransmit values for this TACACS+ server from the default TACACS+ settings you made above.
Click Add TACACS+ Server to complete operation. Click Save at the top of the page to make changes persistent across reboots.
Figure 34 System Config > TACACS+ Page Detail