Modified: for 12.1.4

Use this parameter to control the behavior of the SBC TACACS+ client when authentication errors occur with the TACACS+ server.

Terminal Access Controller Access-Control System (TACACS) refers to a family of related protocols handling remote authentication and related services for network access control through a centralized server. TACACS Plus (TACACS+) has largely replaced its predecessors and is a separate protocol that handles authentication, authorization, and accounting (AAA) services. 

The SBC Core supports the TACACS+ protocol to authenticate username/password information when logging into the SBC CLI or when accessing the Confd database using NETCONF. The SBC uses TCP/IP to communicate with the TACACS+ server.

  • TACACS+ is similar to RADIUS in a number of ways.  Both are relatively insecure by today's cryptography standards since the TLS transport is not supported.
  • TACACS+ uses TCP for reliable communication, whereas RADIUS uses UDP.
  • TACACS+ separates out the Authorization functionality, while RADIUS combines both Authentication and Authorization functionality.

(The TACACS+ protocol is specified in RFC 8907, "The Terminal Access Controller Access-Control System Plus (TACACS+) Protocol".)

To View Retry Criteria

On the SBC main screen, go to All > OAM > Tacacs Plus Authentication > Retry Criteria. The Retry Criteria window is displayed.

To Edit Retry Criteria

To edit a Retry Criteria entry in the list, click the radio button next to it. The Edit Retry Criteria window is displayed.


 

| Parameter | Length/Range | Description |
|---|---|---|
| Retry Timer | 500-45000 | Enter the time in milliseconds to elapse before the SBC attempts another authentication request for this TACACS+ server. The default value is 1000. |
| Retry Count | 1-3 | Enter the number of retries the SBC uses to attempt authentication. The default value is 3. |
| Oos Duration | 0-300 | Specify the time in minutes the TACACS+ server remains out-of-service after a timeout. The default value is 60. |
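
The following Python model is an added example, not SBC or vendor code. It shows how the three parameters interact when a server stops answering. It assumes one initial request plus Retry Count retries, each given Retry Timer milliseconds, and an out-of-service period that starts when the last retry expires; `RetryCriteria`, `simulate` and the timeline are hypothetical and constructed.

```python
from dataclasses import dataclass

# Ranges and defaults copied from the parameter table on this page.
LIMITS = {"retry_timer_ms": (500, 45000), "retry_count": (1, 3),
          "oos_duration_min": (0, 300)}

@dataclass
class RetryCriteria:  # hypothetical name, not an SBC object
    retry_timer_ms: int = 1000
    retry_count: int = 3
    oos_duration_min: int = 60

    def __post_init__(self):
        for name, (lo, hi) in LIMITS.items():
            value = getattr(self, name)
            if not lo <= value <= hi:
                raise ValueError(f"{name}={value} is outside {lo}-{hi}")

def simulate(criteria, logins_ms, outage_ms):
    """Replay logins against one server that is silent during outage_ms.

    Returns (login_time_ms, outcome, wait_ms) per login.
    """
    start, end = outage_ms
    oos_until = 0
    results = []
    for t in logins_ms:
        if t < oos_until:  # server still marked out-of-service
            results.append((t, "skipped-oos", 0))
            continue
        waited, outcome = 0, "timeout"
        # ASSUMPTION: one initial request plus retry_count retries,
        # each given retry_timer_ms to be answered.
        for _ in range(1 + criteria.retry_count):
            if not start <= t + waited < end:
                outcome = "answered"
                break
            waited += criteria.retry_timer_ms
        if outcome == "timeout":
            # ASSUMPTION: the OOS period starts when the last retry expires.
            oos_until = t + waited + criteria.oos_duration_min * 60_000
        results.append((t, outcome, waited))
    return results

# Constructed timeline: 10-minute outage, logins at 0, 5, 30 and 61 minutes.
TIMELINE = simulate(RetryCriteria(), [0, 300_000, 1_800_000, 3_660_000],
                    (0, 600_000))
```

With the defaults, the login at 30 minutes still bypasses the server although the modelled outage ended at 10 minutes. How logins are handled during the out-of-service window is not described on this page and is not modelled here.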