Managing SteelHeads : Configuring TACACS+ access
  
Configuring TACACS+ access
You set up TACACS+ server authentication in the Administration > Security: TACACS+ page.
TACACS+ is an authentication protocol that allows a remote access server to forward a login password for a user to an authentication server to determine whether access is allowed to a given system.
Enabling this feature is optional.
You can prioritize local, RADIUS, and TACACS+ authentication methods for the system and set the authorization policy and default user for RADIUS and TACACS+ authorization systems in the Administration > Security: General Settings page.
For details about configuring RADIUS and TACACS+ servers to accept login requests from the SteelHead, see the SteelHead Deployment Guide.
To set a TACACS+ server
1. Choose Administration > Security: TACACS+ to display the TACACS+ page.
TACACS+ page
2. Under Default TACACS+ Settings, complete the configuration as described in this table.
Control
Description
Set a Global Default Key
Enables a global server key for the server.
Global Key
Specify the global server key.
Confirm Global Key
Confirms the global server key.
Timeout
Specify the time-out period in seconds (1 to 60). The default value is 3.
Retries
Specify the number of times you want to allow the user to retry authentication. Valid values are from 0 to 5. The default is 1.
3. Click Apply to apply your changes to the running configuration.
4. To add or remove a TACACS+ server, complete the configuration as described in this table.
Control
Description
Add a TACACS+ Server
Displays the controls for defining a new TACACS+ server.
Hostname or IP Address
Specify the hostname or server IP address.
Authentication Port
Specify the port for the server. The default value is 49.
Authentication Type
Select either PAP or ASCII as the authentication type. The default value is PAP.
Override the Global Default Key
Specify this option to override the global server key for the server.
Server Key
Specify the override server key.
Confirm Server Key
Confirm the override server key.
Timeout
Specify the time-out period in seconds (1 to 60). The default is 3.
Retries
Specify the number of times you want to allow the user to retry authentication. Valid values are from 0 to 5. The default is 1.
Enabled
Enables the new server.
Add
Adds the TACACS+ server to the list.
Remove Selected
Select the check box next to the name and click Remove Selected.
If you add a new server to your network and you don’t specify these fields, the system automatically applies the default settings.
5. Click Save to Disk to save your settings permanently.
Related topic
Configuring general security settings