How to Configure TACACS+ Authentication

You can enable and configuring connections to Terminal Access Controller Access Control System (TACACS+) authentication servers. TACACS+ can then be used to authenticate users logging onto the appliances.

To use TACACS+, you must specify and configure at least one TACACS+ server. Optionally, you configure redundant backup servers, up to a maximum of three TACACS+ servers. The servers will be checked sequentially, starting with the server listed first in the Severs section.

Note

User accounts that use TACACS+ authentication are read-only accounts. Their users can view reports and the dashboard. These accounts do not have any administrative privileges.

To enable and configure TACACS+ authentication for the managed appliances:

1. In the SD-WAN Center web interface, click the Administration tab.

2. Click User/Authentication Settings.

3. In the TACACS+ Authentication section, select the Enable TACACS+ Authentication checkbox.

   Note

   RADIUS authentication will be disabled if it is currently enabled.

4. In the Timeout field, enter the time interval (in seconds) to wait for an authentication response from the TACACS+ server.

   The time out value should be less than or equal to 10 seconds.

5. In the Authentication Type field, enter the encryption method to use to send the user name and password to the TACACS+ server.

6. In the Server Key field, enter a secret key to use when connecting to the TACACS+ servers.

7. In the Confirm Server Key fields, reenter the secret key.

   Note

   The Timeout, Authentication Type, and Server Key settings are applied to all the configured servers.

8. Click the plus icon (+) next to Servers to add a new TACACS+ server.

9. In the IP Address field, enter the host IP address for the TACACS+ server.

10. In the Port field, enter the port number at which this TACACS+ server will listen. The default port number is 49.

    

11. Click Apply.

12. Click Verify to verify the connection to the RADIUS server. The Verify TACACS+ Server Settings dialog box appears.

    

13. Enter a valid user name and password for the authentication servers, and click Verify.

    To configure additional servers, repeat the steps 6 through 11.