Configuring Security Settings : Configuring TACACS+ Server Authentication
  
Configuring TACACS+ Server Authentication
You set up TACACS+ server authentication in the Settings > Security: TACACS+ page.
Enabling this feature is optional.
TACACS+ is an authentication protocol that enables a remote access server to forward a login password for a user to an authentication server to determine whether access is allowed to a given system.
For detailed information about configuring RADIUS and TACACS+ servers to accept login requests from a Riverbed appliance, see the SteelHead Deployment Guide.
To modify TACACS+ settings
1. Choose Settings > Security: TACACS+ to display the TACACS+ page.
2. Under Default TACACS+ Settings, complete the configuration using the controls described in this table.
Control
Description
Set a Global Default Key
Select this option to enable a global server key for the server.
Global Key
Specify the global server key.
Confirm Global Key
Confirm the global server key.
Timeout
Specify the time-out period in seconds (1 to 60). The default value is 3.
Retries
Specify the number of times you want to allow the user to retry authentication. Valid values are from 0 to 5. The default is 1.
3. Click Apply to apply the settings to the current configuration.
4. Click Save to save your settings permanently.
To add a TACACS+ server
1. Choose Settings > Security: TACACS+ to display the TACACS+ page.
2. Under TACACS+ Servers, click Add a TACACS+ Server and complete the configuration using the controls described in this table.
Control
Description
Add a TACACS+ Server
Displays the controls for defining a new TACACS+ server, as described in this table.
Server IP Address
Specify the server IP address.
Authentication Port
Specify the port for the server. The default value is 49.
Authentication Type
Select either PAP or ASCII as the authentication type.
Override the Global Default Key
Select this option to override the global server key for the server.
Server Key
Specify the override server key.
Confirm Server Key
Confirm the override server key.
Timeout
Specify the time-out period in seconds (1 to 60). The default is 3.
Retries
Specify the number of times you want to allow the user to retry authentication. Valid values are from 0 to 5. The default is 1.
Enabled
Enables the new server.
Add
Adds the TACACS+ server to the list.
Remove Selected
Select the check box next to the name and click Remove Selected.
Note: If you add a new server to your network and you do not specify these fields at that time, the global settings are applied automatically.
3. Click Save to save your settings permanently.