How to Configure TACACS+ Authentication
You can enable and configure connections to Terminal Access Controller Access Control System (TACACS+) authentication servers. TACACS+ can then be used to authenticate users logging on to the appliances.
To use TACACS+, you must specify and configure at least one TACACS+ server. Optionally, you can configure redundant backup servers, up to a maximum of three TACACS+ servers. The servers are checked sequentially, starting with the server listed first in the Servers section.
Note
User accounts that use TACACS+ authentication are read-only accounts. Users of these accounts can view reports and the dashboard. These accounts do not have any administrative privileges.
To enable and configure TACACS+ authentication for the managed appliances:
1. In the SD-WAN Center web interface, click the Administration tab.
2. Click User/Authentication Settings.
3. In the TACACS+ Authentication section, select the Enable TACACS+ Authentication checkbox.
   Note
   RADIUS authentication will be disabled if it is currently enabled.
4. In the Timeout field, enter the time interval (in seconds) to wait for an authentication response from the TACACS+ server.
   The timeout value should be less than or equal to 10 seconds.
5. In the Authentication Type field, enter the encryption method to use to send the user name and password to the TACACS+ server.
6. In the Server Key field, enter a secret key to use when connecting to the TACACS+ servers.
7. In the Confirm Server Key field, reenter the secret key.
   Note
   The Timeout, Authentication Type, and Server Key settings are applied to all the configured servers.
8. Click the plus icon (+) next to Servers to add a new TACACS+ server.
9. In the IP Address field, enter the host IP address for the TACACS+ server.
10. In the Port field, enter the port number on which this TACACS+ server listens. The default port number is 49.
11. Click Apply.
12. Click Verify to verify the connection to the TACACS+ server. The Verify TACACS+ Server Settings dialog box appears.
13. Enter a valid user name and password for the authentication servers, and click Verify.
To configure additional servers, repeat steps 6 through 11.
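
A pre-flight check for the settings above, added here as an example and not part of the product or its documentation: it validates a planned server list against the limits on this page (one to three servers, a timeout of at most 10 seconds, default port 49) and then probes the servers in listed order over TCP. The function names and sample addresses are assumptions, and a successful TCP connection shows reachability only; the server key and credentials are still tested by Verify.

```python
import ipaddress
import socket

MAX_SERVERS = 3      # this page: up to three TACACS+ servers
MAX_TIMEOUT = 10     # this page: timeout should be <= 10 seconds
DEFAULT_PORT = 49    # this page: default TACACS+ port


def validate(servers, timeout):
    """Return a list of problems with the planned settings (empty list = OK)."""
    problems = []
    if not 1 <= len(servers) <= MAX_SERVERS:
        problems.append(f"need 1 to {MAX_SERVERS} servers, got {len(servers)}")
    if not 0 < timeout <= MAX_TIMEOUT:
        problems.append(f"timeout {timeout}s must be > 0 and <= {MAX_TIMEOUT}")
    seen = set()
    for ip, port in servers:
        try:
            ipaddress.ip_address(ip)
        except ValueError:
            problems.append(f"{ip!r} is not an IP address")
        if not 1 <= port <= 65535:
            problems.append(f"{ip}: port {port} out of range")
        if (ip, port) in seen:
            problems.append(f"{ip}:{port} listed twice")
        seen.add((ip, port))
    return problems


def first_reachable(servers, timeout):
    """Probe servers in listed order; return (index of first open one or None, results)."""
    results = []
    for i, (ip, port) in enumerate(servers):
        try:
            with socket.create_connection((ip, port), timeout=timeout):
                results.append((ip, port, "open"))
                return i, results
        except OSError as exc:
            results.append((ip, port, f"unreachable: {exc.__class__.__name__}"))
    return None, results


if __name__ == "__main__":
    # Constructed sample values (RFC 5737 documentation addresses).
    planned = [("192.0.2.10", DEFAULT_PORT), ("192.0.2.11", DEFAULT_PORT)]
    print(validate(planned, timeout=2) or "settings OK")
    print(first_reachable(planned, timeout=2))
```

If the first listed server shows as unreachable here, expect logons to wait out the timeout before a backup server is tried, which is a reason to keep the timeout low and the most reliable server first.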