NetScaler Gateway

Configuring TACACS+ Authentication

You can configure a TACACS+ server for authentication. Similar to RADIUS authentication, TACACS+ uses a secret key, an IP address, and the port number. The default port number is 49.

To configure NetScaler Gateway to use a TACACS+ server, provide the server IP address and the TACACS+ secret. You need to specify the port only when the server port number in use is something other than the default port number of 49.

To configure TACACS+ authentication using user interface, perform the following steps.

  1. In the configuration utility, on the Configuration tab, expand NetScaler Gateway > Policies > Authentication.
  2. Click TACACS.
  3. In the details pane, click Add.
  4. In Name, type a name for the policy.
  5. Next to Server, click New.
  6. In Name, type a name for the server.
  7. Under Server, type the IP address and port number of the TACACS+ server.
  8. Under TACACS server information, in TACACS Key and Confirm TACACS key, type the key.
  9. In Authorization, select ON and then click Create.
  10. In the Create Authentication Policy dialog box, next to Named Expressions, select the expression, click Add Expression, click Create and then click Close.

To configure TACACS+ authentication using command line interface, type the following command.

add authentication tacacsAction <name> [-serverIP <ip_addr|ipv6_addr|*>][-serverPort <port>] [-authTimeout <positive_integer>] {-tacacsSecret }
[-authorization ( ON | OFF )] [-accounting ( ON | OFF )][-auditFailedCmds ( ON | OFF )] [-groupAttrName <string>][-defaultAuthenticationGroup <string>] [-Attribute1 <string>] [-Attribute2 <string>] [-Attribute3 <string>] [-Attribute4 <string>]
[-Attribute5 <string>] [-Attribute6 <string>] [-Attribute7 <string>] [-Attribute8 <string>] [-Attribute9 <string>] [-Attribute10 <string>]
[-Attribute11 <string>] [-Attribute12 <string>] [-Attribute13 <string>] [-Attribute14 <string>] [-Attribute15 <string>] [-Attribute16 <string>]

After you configure the TACACS+ server settings in NetScaler Gateway, bind the policy to make it active. You can bind the policy on either the global or virtual server level. For more information about binding authentication policies, see Binding Authentication Policies.

Configuring TACACS+ Authentication

In this article