TACACS+
You set up TACACS+ server authentication for the selected security policy in the TACACS+ page.
Enabling this feature is optional.
TACACS+ is an authentication protocol that enables a remote access server to forward a login password for a user to an authentication server to determine whether access is allowed to a given system.
For details about TACACS+, see the SteelHead User Guide.
The TACACS+ page contains these groups of settings:
Default TACACS+ settings
These configuration options are available:
Set a Global Default Key
Enables a global server key for the server.
Global Key
Specifies the global server key.
Leave this field unchanged to keep the current global key.
Confirm Global Key
Confirms the global server key.
Timeout (seconds)
Specifies the time-out period in seconds (1 to 60). The default value is 3.
Retries
Specifies the number of times you want to allow the user to retry authentication. Valid values are 0 to 5. The default is 1.
TACACS+ servers
These configuration options are available:
Add a TACACS+ Server
Displays the controls for defining a new TACACS+ server as described in this table.
Hostname or IP Address
Specifies the server IP address.
Authentication Port
Specifies the port for the server. The default value is 49.
Authentication Type
Specifies the authentication type. Click either PAP or ASCII.
Override the Global Default Key
Overrides the global server key for the server.
• Server Key—Specify the override server key.
• Confirm Server Key—Confirm the override server key.
Timeout (seconds)
Specifies the time-out period in seconds (1 to 60). The default is 3.
Retries
Specifies the number of times you want to allow the user to retry authentication. Valid values are 0 to 5. The default is 1.
Enabled
Enables the new server.
Add
Adds the TACACS+ server to the list.
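What the server key and Authentication Type settings above control on the wire, shown as an added example that is not part of the original page or the product's code. It follows the TACACS+ packet layout in RFC 8907 (an assumption; the page does not show the wire format), and the function names, user name, password, and key are constructed for illustration.

```python
import hashlib
import struct

# Constants from RFC 8907 (assumed wire format; the page itself does not show it).
TAC_PLUS_AUTHEN = 0x01                        # packet type: authentication
AUTHEN_LOGIN, PRIV_LVL_USER, SVC_LOGIN = 0x01, 0x01, 0x01
AUTHEN_TYPE = {"ASCII": 0x01, "PAP": 0x02}    # the two choices on the page


def obfuscate(body, session_id, key, version, seq_no):
    """XOR body with the chained-MD5 pad; calling it again reverses it."""
    seed = struct.pack("!I", session_id) + key + bytes([version, seq_no])
    pad, block = b"", b""
    while len(pad) < len(body):
        block = hashlib.md5(seed + block).digest()
        pad += block
    return bytes(b ^ p for b, p in zip(body, pad))


def build_authen_start(auth_type, user, password, key, session_id,
                       port=b"tty0", rem_addr=b""):
    """Return the first packet a client sends to the server (TCP port 49)."""
    # PAP uses minor version 1 and carries the password in the START data
    # field; ASCII uses minor version 0 and sends it later in a CONTINUE.
    version = 0xC1 if auth_type == "PAP" else 0xC0
    data = password if auth_type == "PAP" else b""
    body = struct.pack("!8B", AUTHEN_LOGIN, PRIV_LVL_USER,
                       AUTHEN_TYPE[auth_type], SVC_LOGIN,
                       len(user), len(port), len(rem_addr), len(data))
    body += user + port + rem_addr + data
    seq_no, flags = 1, 0                      # flags 0: body is obfuscated
    header = struct.pack("!BBBBII", version, TAC_PLUS_AUTHEN, seq_no, flags,
                         session_id, len(body))
    return header + obfuscate(body, session_id, key, version, seq_no)


if __name__ == "__main__":
    # Constructed sample values, not taken from any real deployment.
    key, sid = b"constructed-server-key", 0x11223344
    for kind in ("PAP", "ASCII"):
        pkt = build_authen_start(kind, b"admin", b"constructed-pw", key, sid)
        clear = obfuscate(pkt[12:], sid, key, pkt[0], pkt[2])
        print(kind, "version=%#x" % pkt[0], "wire=" + pkt[12:].hex())
        print("  recovered with key:", clear[8:])
```

The server key only seeds an MD5-based XOR pad over the packet body, so anyone holding the key can recover a PAP password from a captured START packet; the 12-byte header, including the session ID, is always sent in the clear.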