You set up TACACS+ server authentication in the TACACS+ page. TACACS+ is an authentication protocol that allows a remote access server to forward a login password for a user to an authentication server to determine whether access is allowed to a given system. Enabling this feature is optional.

You can prioritize local, RADIUS, and TACACS+ authentication methods for the system and set the authorization policy and default user for RADIUS and TACACS+ authorization systems in the Security > General Settings page.

For details about configuring RADIUS and TACACS+ servers to accept login requests from the SteelHead, see the SteelHead Deployment Guide.

You set a TACACS server under Administration > Security: TACACS+.

These configuration options are available under Default TACACS+ Settings:

Set a Global Default Key enables a global server key for the server.

Global Key specifies the global server key.

Confirm Global Key confirms the global server key.

Timeout specifies the time-out period in seconds (1 to 60). The default value is 3.

Retries specifies the number of times you want to allow the user to retry authentication. Valid values are from 0 to 5. The default is 1.

Add a TACACS+ Server displays the controls for adding a TACACS+ server.

Hostname or IP Address specifies the hostname or server IP address.

Authentication Port specifies the port for the server. The default value is 49.

Authentication Type specifies either PAP or ASCII as the authentication type. The default value is PAP.

Override the Global Default Key overrides the global server key for the server.

Server Key specifies the override server key.

Confirm Server Key confirm the override server key.

Timeout specifies the time-out period in seconds (1 to 60). The default is 3.

Retries specifies the number of times you want to allow the user to retry authentication. Valid values are from 0 to 5. The default is 1.

Enabled enables the new server.

Add adds the TACACS+ server to the list.