Modified: for 12.1.4
Use this section to configure the TACACS Plus Server. To configure Argument Names for a server, go to TACACS Plus Server - Argument Names.
Terminal Access Controller Access-Control System (TACACS) refers to a family of related protocols that handle remote authentication and related services for network access control through a centralized server. TACACS Plus (TACACS+) has largely replaced its predecessors and is a separate protocol that handles authentication, authorization, and accounting (AAA) services. The SBC Core supports the TACACS+ protocol to authenticate username/password information when a user logs in to the SBC CLI or accesses the Confd database using NETCONF. The SBC uses TCP/IP to communicate with the TACACS+ server. (The TACACS+ protocol is specified in RFC 8907, "The Terminal Access Controller Access-Control System Plus (TACACS+) Protocol".)
On the SBC main screen, go to All > OAM > Tacacs Plus Authentication > Tacacs Plus Server. The Tacacs Plus Server List window is displayed.
Click the New Tacacs Plus Server tab on the Tacacs Plus Server List panel. The Create New Tacacs Plus Server window is displayed.
Populate the fields and choose desired options, then click Save.
To edit a TACACS Plus Server, click the radio button next to it. The Edit Selected Tacacs Plus Server window is displayed.
Make required changes using the Parameters table below for guidance and click Save.
Parameter | Length/Range | Description | Mandatory |
---|---|---|---|
Server Name | Up to 23 characters | Enter the name of this TACACS+ server. | Yes |
Priority | 1-4 | Enter the priority of this TACACS+ server, with "1" representing the highest priority. Note: The SBC tries the highest priority server first if that server is in service. If the highest priority server is not in service, the servers with priorities 2 through 4 are tried in order. | Yes |
Secret Key | 8-63 characters | Enter the TACACS+ shared secret key. | Yes |
Authentication Type | N/A | The authentication type to use for this TACACS+ server. | Yes |
Tacacs Plus Server Address | IPv4/IPv6 address or FQDN | <IP address or FQDN> – Enter the IPv4/IPv6 address or FQDN of the TACACS+ server. | Yes |
Tacacs Plus Server Port | 1-65535 | Enter the port number of the TACACS+ server (must be a valid TCP port number). The default value is 49. | No |
Privilege Level | N/A | The privilege level to which the user is authenticating. | Yes |
Port | Up to 255 characters | The name of the client port on which the authentication is taking place. (This has no relation to the Tacacs Plus Server Port field.) | Yes |
Authen Service | N/A | Enter the service that is requesting the authentication. | No |
Bind To Rem Addr | N/A | Set this flag to true to bind to the IP address specified in Rem Addr, which ensures that the packet source address matches it. | No |
Rem Addr | Up to 255 characters | The remote location from which the user has connected to the client. This is basically the address of the client. | Yes |
Group Name Attribute | N/A | Choose the AVP name returned from the TACACS+ server containing the group name of the user logging on. | Yes |
State | N/A | Use this flag to set the state of this TACACS+ server. | No |
Authentication Failure Option | N/A | Use this parameter to choose the SBC's next action if authentication fails. (This parameter is useful if the configured TACACS+ servers use different attributes or user names.) | No |
To copy a Tacacs Plus Server in the list, click the radio button next to it. The Edit Selected Tacacs Plus Server window is displayed.
To delete a Tacacs Plus Server in the list, click the radio button next to it.
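The following added example (not part of the SBC software or its documentation) checks a planned set of server entries against the limits in the Parameters table above and shows the order in which in-service servers would be tried. The dictionary keys (`name`, `priority`, `secret`, `address`, `port`, `in_service`), the minimum name length of 1, and the sample entries are assumptions made for illustration; the page does not say how equal priorities are handled, so the script only flags them for review.

```python
import ipaddress
import re

_FQDN = re.compile(r"^(?=.{1,253}$)([A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?\.)+[A-Za-z]{2,63}$")

def _valid_address(addr):
    """Accept an IPv4/IPv6 literal or an FQDN (Tacacs Plus Server Address)."""
    try:
        ipaddress.ip_address(addr)
        return True
    except ValueError:
        return bool(_FQDN.match(addr))

def validate_server(entry):
    """Return the problems found in one planned entry (empty list = OK)."""
    problems = []
    if not 1 <= len(entry.get("name", "")) <= 23:
        problems.append("Server Name must be 1-23 characters")
    if entry.get("priority") not in (1, 2, 3, 4):
        problems.append("Priority must be 1-4")
    if not 8 <= len(entry.get("secret", "")) <= 63:
        problems.append("Secret Key must be 8-63 characters")
    if not _valid_address(entry.get("address", "")):
        problems.append("Address must be IPv4, IPv6 or FQDN")
    if not 1 <= entry.get("port", 49) <= 65535:  # 49 is the documented default
        problems.append("Server Port must be 1-65535")
    return problems

def try_order(entries):
    """Names of in-service servers, highest priority (1) first."""
    live = [e for e in entries if e.get("in_service", True)]
    return [e["name"] for e in sorted(live, key=lambda e: e["priority"])]

def duplicate_priorities(entries):
    """Priorities used by more than one entry; flagged for manual review."""
    seen, dupes = set(), set()
    for e in entries:
        (dupes if e["priority"] in seen else seen).add(e["priority"])
    return sorted(dupes)

# Constructed sample entries, not taken from a real deployment.
PLANNED = [
    {"name": "tac-primary", "priority": 1, "secret": "S3cret-Key-01", "address": "192.0.2.10", "in_service": False},
    {"name": "tac-backup", "priority": 2, "secret": "short", "address": "tacacs.example.net", "port": 49},
    {"name": "tac-dr", "priority": 2, "secret": "Another-Long-Key", "address": "2001:db8::49"},
]
if __name__ == "__main__":
    print({e["name"]: validate_server(e) for e in PLANNED})
    print(try_order(PLANNED), duplicate_priorities(PLANNED))
```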