
Procedure

  1. On the Authentication screen, select the TACACS+ tab on the Authentication Configuration panel.
  2. Click Edit to the right of the Primary TACACS+ Server panel.
  3. In the dialog, configure the TACACS+ server options described in the following table.
    Setting: Description
    IP Address / Hostname: IP address or hostname of the TACACS+ server. The IP Address field can contain an IPv4, IPv6, or named IP address. The Hostname field can contain an unqualified hostname or a fully qualified hostname (hostname+domain name).
    Port: Port on the TACACS+ server that listens for authentication requests; the default is port 49.
    Authentication Protocol: Authentication method used on the TACACS+ server:
    • ASCII
    • PAP (default)
    • CHAP
    • MSCHAP (supported with IPS devices only)
    Secret/Confirm Secret: Case-sensitive string used to encrypt and sign packets between TACACS+ clients and the TACACS+ server, set in the TACACS+ client configuration file. Maximum is 63 characters.
    Timeout: Timeout, in seconds, for communication with the TACACS+ server. Default is 15.
    Attempts: Number of times, between 1 and 10, communication with the TACACS+ server is attempted. Default is 3 attempts.
  4. Test the TACACS+ configuration by entering a valid User Name and Password for the server, and then clicking Test.
  5. Click OK to save the server configuration.
  6. If a TACACS+ server is already configured, click Reset to the right of the TACACS+ Server panel to delete that configuration.
    If the configuration you reset is the last configured TACACS+ server, and if TACACS+ is the current authentication choice, then the SMS changes the current authentication source to Local.
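
The following is an added example, not part of the product documentation: a pre-flight check of planned server entries against the limits in the settings table in step 3. It also reports the worst-case wait (timeout × attempts) before a login against an unreachable server gives up. The function names, the `ips_device` flag, and the sample entries are hypothetical.

```python
import ipaddress
import re

# Limits and defaults taken from the settings table in step 3.
PROTOCOLS = {"ASCII", "PAP", "CHAP", "MSCHAP"}
DEFAULTS = {"port": 49, "protocol": "PAP", "timeout": 15, "attempts": 3}
# Assumption: hostnames follow the usual RFC 1123 label rules.
LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")

def valid_host(host):
    """Accept an IPv4/IPv6 literal, or an unqualified or fully qualified hostname."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return all(LABEL.match(p) for p in host.rstrip(".").split("."))

def check_server(cfg, ips_device=False):
    """Return (problems, worst_case_seconds) for one planned server entry."""
    c = {**DEFAULTS, **cfg}
    problems = []
    if not valid_host(str(c.get("host", ""))):
        problems.append("host is not an IP address or hostname")
    if not 1 <= c["port"] <= 65535:
        problems.append("port outside 1-65535")
    if c["protocol"] not in PROTOCOLS:
        problems.append("unknown authentication protocol")
    elif c["protocol"] == "MSCHAP" and not ips_device:
        problems.append("MSCHAP is supported with IPS devices only")
    # Assumption: an empty secret is rejected; the 63-character cap is from the table.
    if not 0 < len(c.get("secret", "")) <= 63:
        problems.append("secret must be 1-63 characters")
    if not 1 <= c["attempts"] <= 10:
        problems.append("attempts outside 1-10")
    if c["timeout"] <= 0:
        problems.append("timeout must be positive")
    # Assumption: every attempt can wait for the full timeout before failing.
    return problems, c["timeout"] * c["attempts"]

# Constructed sample entries (documentation address range and example domain).
SAMPLES = [
    {"host": "192.0.2.10", "secret": "x" * 40},
    {"host": "tacacs1.example.com", "protocol": "MSCHAP", "secret": "y" * 64, "attempts": 12},
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(s["host"], *check_server(s))
```

With the defaults, the first sample can hold a login for up to 45 seconds when the server does not answer, which is worth weighing against how quickly operators need to fall back to another authentication source.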

Next steps

You can also change the configuration of TACACS+ servers by selecting Devices > device-name > Authentication > TACACS+ Groups > Edit > TACACS+ Servers > Edit.