Configuring TACACS+ access
Settings for TACACS+ server authentication are under Administration > Security: TACACS+.
TACACS+ is an authentication protocol that allows a remote access server to forward a login password for a user to an authentication server to determine whether access is allowed to a given system.
Enabling this feature is optional.
Settings to prioritize local, RADIUS, and TACACS+ authentication methods for the system and to set the authorization policy and default user for RADIUS and TACACS+ authorization systems are under Administration > Security: General Settings.
For details about configuring RADIUS and TACACS+ servers to accept login requests from the SteelHead, see the SteelHead Deployment Guide.
TACACS+ page
Under Default TACACS+ Settings, these configuration settings are available:
Set a Global Default Key enables a global server key for the server.
Global Key specifies the global server key.
Confirm Global Key confirms the global server key.
Timeout specifies the time-out period in seconds (1 to 60). The default value is 3.
Retries specifies the number of times you want to allow the user to retry authentication. Valid values are from 0 to 5. The default is 1.
To add or remove a TACACS+ server, these configuration settings are available:
Add a TACACS+ Server displays the controls for defining a new TACACS+ server.
Hostname or IP Address specifies the hostname or server IP address.
Authentication Port specifies the port for the server. The default value is 49.
Authentication Type indicates either PAP or ASCII as the authentication type. The default value is PAP.
Override the Global Default Key overrides the global server key for the server.
Server Key specifies the override server key.
Confirm Server Key confirms the override server key.
Timeout specifies the time-out period in seconds (1 to 60). The default is 3.
Retries specifies the number of times you want to allow the user to retry authentication. Valid values are from 0 to 5. The default is 1.
Enabled enables the new server.
Add adds the TACACS+ server to the list.
If you add a new server to your network and you don’t specify these fields, the system automatically applies the default settings.