session is permitted.
2. Define the Console, Telnet, and Secure Telnet (SSH) fields.
3. Map the authentication method in the Secure HTTP selection box.
4. Map the authentication method in the HTTP selection box.
5. Click . The authentication mapping is saved, and the device is updated.
5.1.1.5 Defining TACACS+ Host Settings
Terminal Access Controller Access Control System (TACACS+) provides centralized security user access validation. The
system supports up to 4 TACACS+ servers.
TACACS+ provides a centralized user management system, while still retaining consistency with RADIUS and other
authentication processes. TACACS+ provides the following services:
Authentication — Provides authentication during login and via user names and user-defined passwords.
Authorization — Performed at login. Once the authentication session is completed, an authorization session starts using
the authenticated user name.
The TACACS+ protocol ensures network integrity through encrypted protocol exchanges between the client and TACACS+
server.
Note:
The TACACS+ default parameters are user-assigned defaults. The default settings are applied to newly defined TACACS+
servers. If default values are not defined, the system defaults are applied to the new TACACS+ servers.
To define TACACS+ authentication settings:
1. Click Security > Management Security > Authentication > TACACS+. The TACACS+ Page opens:
Figure 33: TACACS+ Page
The Default Parameters section contains the following fields:
Source IP Address — Defines the default device
source IP address used for the TACACS+ session
between the device and the TACACS+ server.
Key String (1-128 Characters) — Defines the authentication and encryption key for TACACS+
communications between the device and the TACACS+ server. This key must match the encryption key configured on the
TACACS+ server.
Timeout for Reply — Defines the default time that passes before the connection between the device and the TACACS+
server times out. The default is 5.
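The Key String above keys the body obfuscation defined in RFC 8907: an MD5-derived pad is XORed over the packet body, while the 12-byte header (including the session ID) stays in cleartext. The following Python is an added example, not code from the device or its vendor; the user name, port, address, session ID and key are constructed sample values.

```python
import hashlib
import struct

UNENCRYPTED_FLAG = 0x01  # RFC 8907 header flag: body is sent in the clear


def pseudo_pad(session_id, key, version, seq_no, length):
    """MD5 chain from RFC 8907: each block hashes the seed plus the previous block."""
    seed = struct.pack("!I", session_id) + key + bytes([version, seq_no])
    pad, block = b"", b""
    while len(pad) < length:
        block = hashlib.md5(seed + block).digest()
        pad += block
    return pad[:length]


def obfuscate(body, session_id, key, version, seq_no):
    """XOR the body with the pad; applying it twice with the same key restores the body."""
    pad = pseudo_pad(session_id, key, version, seq_no, len(body))
    return bytes(b ^ p for b, p in zip(body, pad))


def authen_start_body(user, port, rem_addr):
    """Authentication START body: 8 fixed bytes (four are length fields), then the strings."""
    # action=LOGIN(1), priv_lvl=1, authen_type=ASCII(1), service=LOGIN(1), data_len=0
    fixed = bytes([1, 1, 1, 1, len(user), len(port), len(rem_addr), 0])
    return fixed + user + port + rem_addr


def build_packet(session_id, body, key, version=0xC0, ptype=1, seq_no=1):
    """12-byte cleartext header followed by the obfuscated body."""
    header = struct.pack("!BBBBII", version, ptype, seq_no, 0, session_id, len(body))
    return header + obfuscate(body, session_id, key, version, seq_no)


def parse_packet(packet, key):
    """Return (header fields, body, lengths_ok). A wrong key yields inconsistent lengths."""
    version, ptype, seq_no, flags, session_id, length = struct.unpack("!BBBBII", packet[:12])
    body = packet[12:12 + length]
    if not flags & UNENCRYPTED_FLAG:
        body = obfuscate(body, session_id, key, version, seq_no)
    lengths_ok = len(body) >= 8 and 8 + sum(body[4:8]) == len(body)
    return {"type": ptype, "seq_no": seq_no, "session_id": session_id}, body, lengths_ok


# Constructed sample values, not taken from any real device or capture.
SAMPLE = build_packet(0x1A2B3C4D, authen_start_body(b"admin", b"tty0", b"192.0.2.10"), b"device-key")
```

Parsing `SAMPLE` with a different key still exposes the header fields but yields a body whose length fields no longer add up, which is how a key mismatch between the device and the server shows up.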
The TACACS+ Page also contains the following fields:
Host IP Address — Defines the TACACS+ Server IP address.
Priority — Defines the order in which the TACACS+ servers are used. The field range is 0-65535. The default is 0.
Source IP Address — Defines the device source IP address used for the TACACS+ session between the device and
the TACACS+ server.
Authentication Port (0-65535) — Defines the port number via which the TACACS+ session occurs. The default port is
port 49.