Table of Contents
Advertisement
Field/setting
Timeout
Retries
Shared secret,
Confirm shared secret
1) To verify settings, click Test Connection to check if you can connect to the new server successfully.
2) Click Add Server. The new Radius server is listed on the RADIUS page.
3) To add more servers, repeat the same steps.
4) In the RADIUS page, use the arrow buttons to arrange the servers in the order they should be
accessed, then click Save.
5) Make sure RADIUS is enabled: Go to Device Settings > Security > Authentication, and select RADIUS
as the Authentication Type.
Adding TACACS+ Servers
To use TACACS+ authentication, add the server information and enable TACACS+.
Note: You need to create a new custom service attribute called Xerus on the
TACACS+ server. This attribute value will match the role name (case sensitive) on
the PRO4X. In the authorization request to the TACACS+ server, the PRO4X will
send a request for Xerus as a custom service attribute. TACACS+ server then
returns the roles of the authenticated user in the Xerus: roles attribute. Returning
multiple roles separated by a slash, for example, role1/role2, is supported. See
Cisco ISE Xerus TACACS+ Authentication
▶
To add TACACS+ servers:
1) Choose Device Settings > Security > TACACS+.
2) Click New.
3) Enter information.
Field/setting
IP address / hostname The IP address or hostname of your TACACS+ server.
Description
This sets the maximum amount of time to establish contact with the Radius server
before timing out.
Type the timeout period in seconds.
Type the number of retries.
The shared secret is necessary to protect communication with the Radius server.
Description
(on page ) for configuration.
257
Advertisement
Table of Contents
Need help?
Do you have a question about the Server Technology PRO4X and is the answer not in the manual?