Gateway

Configuring TACACS+ Authentication

You can configure a TACACS+ server for authentication. Similar to RADIUS authentication, TACACS+ uses a secret key, an IP address, and the port number. The default port number is 49.

To configure NetScaler Gateway to use a TACACS+ server, provide the server IP address and the TACACS+ secret. You need to specify the port only when the server port number in use is something other than the default port number of 49.

To configure TACACS+ authentication using user interface, perform the following steps.

  1. In the configuration utility, on the Configuration tab, expand NetScaler Gateway > Policies > Authentication.
  2. Click TACACS.
  3. In the details pane, click Add.
  4. In Name field, type a name for the policy.
  5. Next to Server field, click Add to create a new TACACS server or click Edit to make changes to an existing TACACS server.
  6. In Name field, type a name for the server.
  7. Under IP Address, type the IP address.
  8. Under Port, use the default port number 49.
  9. In TACACS Key field, type the key. In Confirm TACACS key field, type the same key to confirm.
  10. Click More.
  11. In Authorization, select ON and then click Create.
  12. In the Create Authentication TACACS Policy dialog box, select the Expression, click Create and then click Close.

To configure TACACS+ authentication using command line interface, type the following command.

add authentication tacacsAction <name> [-serverIP <ip_addr|ipv6_addr|*>][-serverPort <port>] [-authTimeout <positive_integer>] {-tacacsSecret }
[-authorization ( ON | OFF )] [-accounting ( ON | OFF )][-auditFailedCmds ( ON | OFF )] [-groupAttrName <string>][-defaultAuthenticationGroup <string>] [-Attribute1 <string>] [-Attribute2 <string>] [-Attribute3 <string>] [-Attribute4 <string>]
[-Attribute5 <string>] [-Attribute6 <string>] [-Attribute7 <string>] [-Attribute8 <string>] [-Attribute9 <string>] [-Attribute10 <string>]
[-Attribute11 <string>] [-Attribute12 <string>] [-Attribute13 <string>] [-Attribute14 <string>] [-Attribute15 <string>] [-Attribute16 <string>]
<!--NeedCopy-->

After you configure the TACACS+ server settings in NetScaler Gateway, bind the policy to make it active. You can bind the policy on either the global or virtual server level. For more information about binding authentication policies, see Binding Authentication Policies.

Configuring TACACS+ Authentication

In this article