[ Contents] [ Prev] [ Next] [ Index] [ Report an Error]

Setting Up TACACS+ Authentication

To use TACACS+ authentication, you must configure at least one TACACS+ server.

The procedure provided in this section identifies the TACACS+ server, specifies the secret (password) of the TACACS+ server, and sets the source address of the Services Router's TACACS+ requests to the loopback address of the device. This procedure uses the following sample values:

The TACACS+ server's IP address is 172.16.98.24.
The TACACS+ server's secret is Tacacssecret1.
The loopback address of the device is 10.0.0.1.

To configure TACACS+ authentication:

Navigate to the top of the configuration hierarchy in either the J-Web or CLI configuration editor.
Perform the configuration tasks described in Table 41.
If you are finished configuring the network, commit the configuration.
To completely set up TACACS+ authentication, you must create user template accounts and specify a system authentication order.
Go on to one of the following procedures:
- To specify a system authentication order, see Configuring Authentication Order.
- To configure a remote user template account, see Creating a Remote Template Account.
- To configure local user template accounts, see Creating a Local Template Account.

Table 41: Setting Up TACACS+ Authentication

Task	J-Web Configuration Editor	CLI Configuration Editor
Navigate to the System level in the configuration hierarchy.	In the J-Web interface, select Configuration>View and Edit>Edit Configuration. Next to System, click Configure or Edit.	From the [edit] hierarchy level, enter edit system
Add a new TACACS+ server	In the Tacplus server box, click Add new entry. In the Address box, type the IP address of the TACACS+ server: 172.16.98.24	Set the IP address of the TACACS+ server: set tacplus-server address 172.16.98.24
Specify the shared secret (password) of the TACACS+ server. The secret is stored as an encrypted value in the configuration database.	In the Secret box, type the shared secret of the TACACS+ server: Tacacssecret1	Set the shared secret of the TACACS+ server: set tacplus-server 172.16.98.24 secret Tacacssecret1
Specify the source address to be included in the TACACS+ server requests by the device. In most cases, you can use the loopback address of the device.	In the Source address box, type the loopback address of the device: 10.0.0.1	Set the device's loopback address as the source address: set tacplus-server 172.16.98.24 source-address 10.0.0.1

[ Contents] [ Prev] [ Next] [ Index] [ Report an Error]