You set up TACACS+ server authentication under Administration > Security: TACACS+.

TACACS+ is an authentication protocol that allows a remote access server to forward a login password for a user to an authentication server to determine whether access is allowed to a given system.

Enabling this feature is optional.

You can prioritize local, RADIUS, and TACACS+ authentication methods for the system and set the authorization policy and default user for RADIUS and TACACS+ authorization systems under Administration > Security: General Settings.

For details about configuring RADIUS and TACACS+ servers to accept login requests from the Edge, see the SteelHead Deployment Guide.

Under Default TACACS+ Settings, these configuration options are available:

Enables a global server key for the server.

Specifies the global server key.

Confirms the global server key.

Specifies the time-out period in seconds (1 to 60). The default value is 3.

Specifies the number of times you want to allow the user to retry authentication. Valid values are from 0 to 5. The default is 1.

To add or remove a TACACS+ server, these configuration options are available:

Displays the controls for defining a new TACACS+ server.

Specifies the hostname or server IP address.

Specifies the port for the server. The default value is 49.

Specifies either PAP or ASCII as the authentication type. The default value is PAP.

Overrides the global server key for the server.

Specifies the override server key.

Confirms the override server key.

Specifies the time-out period in seconds (1 to 60). The default is 3.

Specifies the number of times you want to allow the user to retry authentication. Valid values are from 0 to 5. The default is 1.

Enables the new server.

If you add a new server to your network and you do not specify these fields, the system automatically applies the default settings.