How to Configure TACACS+ Authentication

September 12, 2018

| Contributed by:

You can enable and configuring connections to Terminal Access Controller Access Control System (TACACS+) authentication servers. TACACS+ can then be used to authenticate users logging onto the appliances.

To use TACACS+, you must specify and configure at least one TACACS+ server. Optionally, you configure redundant backup servers, up to a maximum of three TACACS+ servers. The servers will be checked sequentially, starting with the server listed first in the Severs section.

Note

User accounts that use TACACS+ authentication are read-only accounts. Their users can view reports and the dashboard. These accounts do not have any administrative privileges.

To enable and configure TACACS+ authentication for the managed appliances:

In the SD-WAN Center web interface, click the Administration tab.
Click User/Authentication Settings.
In the TACACS+ Authentication section, select the Enable TACACS+ Authentication checkbox.

Note

RADIUS authentication will be disabled if it is currently enabled.
In the Timeout field, enter the time interval (in seconds) to wait for an authentication response from the TACACS+ server.

The time out value should be less than or equal to 10 seconds.
In the Authentication Type field, enter the encryption method to use to send the user name and password to the TACACS+ server.
In the Server Key field, enter a secret key to use when connecting to the TACACS+ servers.
In the Confirm Server Key fields, reenter the secret key.

Note

The Timeout, Authentication Type, and Server Key settings are applied to all the configured servers.
Click the plus icon (+) next to Servers to add a new TACACS+ server.
In the IP Address field, enter the host IP address for the TACACS+ server.
In the Port field, enter the port number at which this TACACS+ server will listen. The default port number is 49.
Click Apply.
Click Verify to verify the connection to the RADIUS server. The Verify TACACS+ Server Settings dialog box appears.
Enter a valid user name and password for the authentication servers, and click Verify.

To configure additional servers, repeat the steps 6 through 11.

The official version of this content is in English. Some of the Citrix documentation content is machine translated for your convenience only. Citrix has no control over machine-translated content, which may contain errors, inaccuracies or unsuitable language. No warranty of any kind, either expressed or implied, is made as to the accuracy, reliability, suitability, or correctness of any translations made from the English original into any other language, or that your Citrix product or service conforms to any machine translated content, and any warranty provided under the applicable end user license agreement or terms of service, or any other agreement with Citrix, that the product or service conforms with any documentation shall not apply to the extent that such documentation has been machine translated. Citrix will not be held responsible for any damage or issues that may arise from using machine-translated content.

Support: https://www.citrix.com/support

Feedback and forums: https://discussions.citrix.com

Version

How to Configure TACACS+ Authentication

How to Configure TACACS+ Authentication

How to Configure TACACS+ Authentication

In this article