Procedure
- On the Device Configuration Authentication Preferences screen, select the TACACS+ as Authentication Source option in the Remote Authentication section.
- In the TACACS+ Servers section, click Edit next to the Primary, Secondary, or Tertiary Server IP to configure a TACACS+ server.
- In the TACACS+ Server Configuration dialog, configure the TACACS+ server options described
in the following table.
Setting Description IP Address / Hostname IP address or hostname of the TACACS+ server. The IP Address field can contain an IPv4, IPv6, or named IP address. The Hostname field can contain an unqualified hostname or a fully qualified hostname (hostname+domain name). Port Port, between 1 and 65535, on the TACACS+ server that listens for authentication requests; the default is port 49. Authentication Protocol Authentication method used on the TACACS+ server:Secret/Confirm Secret Case-sensitive string used to encrypt and sign packets between TACACS+ clients and the TACACS+ server, set in the TACACS+ client configuration file. Maximum is 63 characters. Timeout Timeout, between 1 and 15 seconds, for communication with the TACACS+ server. Default is 15. Attempts Number of times, between 1 and 10, communication with the TACACS+ server is attempted. Default is 3 attempts. 
Note
An IPS device that is managed by the SMS cannot have more than one TACACS+ server configured with duplicate IP address, port, and authentication protocol settings. - Test the TACACS+ configuration by entering a valid User Name and Password for the server, and then clicking Test.
- Click
OK. This saves the server configuration changes to the Device Configuration dialog only.
Important
To save any of the device configuration changes you just made, you must click OK on the Device Configuration wizard.