Table of Contents
Advertisement
User authentication
c. (Optional) Change the default Port setting to the appropriate port. Normally this should be
left at the default setting of port 49.
d. For Secret, type the TACACS+ server's shared secret. This is configured in the key
parameter of the TACACS+ server's tac_plus.conf file, for example:
key = testing123
Note
DAL authentication does not support the use of the # character in the key (e.g.,
DAL#123;&). If included, the server will be unable to decipher the request.
e. (Optional) Click again to add additional TACACS+ servers.
5. (Optional) Enable Authoritative to prevent other authentication methods from being
attempted if TACACS+ login fails.
6. (Optional) For Group attribute, type the name of the attribute used in the TACACS+ server's
configuration to identify the IX20 authentication group or groups that the user is a member of.
For example, in
file is groupname, which is also the default setting in the IX20 configuration.
7. (Optional) For Service, type the value of the service attribute in the the TACACS+ server's
configuration. For example, in
the sample tac_plus.conf file is system, which is also the default setting in the IX20
configuration.
8. (Optional) Enable Command authorization, which instructs the device to communicate with
the TACACS+ server to determine if the user is authorized to execute a specific command. Only
the first configured TACACS+ server will be used for command authorization.
9. (Optional) Enable Command accounting, which instructs the device to communicate with the
TACACS+ server to log commands that the user executes. Only the first configured TACACS+
server will be used for command accounting.
10. Add TACACS+ to the authentication methods:
a. Click Authentication > Methods.
b. For Add method, click .
c. Select TACACS+ for the new method from the Method drop-down.
Authentication methods are attempted in the order they are listed until an authentication
response, either pass or fail, is received. If Authoritative is enabled (see above), non-
authoritative methods are not attempted. See
methods
for information about rearranging the position of the methods in the list.
IX20 User Guide
Terminal Access Controller Access-Control System Plus (TACACS+)
TACACS+ user
configuration, the group attribute in the sample tac_plus.conf
TACACS+ user
configuration, the value of the service attribute in
Rearrange the position of authentication
898
Advertisement
Table of Contents
