In this section:

Modified: for 12.1.4

Use this parameter to control the behavior of the SBC TACACS+ client when authenticating errors occur with the TACACS+ server.

Terminal Access Controller Access-Control System (TACACS) refers to a family of related protocols handling remote authentication and related services for network access control through a centralized server. TACACS Plus (TACACS+) has largely replaced its predecessors and is a separate protocol that handles authentication, authorization, and accounting (AAA) services. 

The SBC Core supports the TACACS+ protocol to allow the authentication of username/password information when logging into the SBC CLI or to access the Confd database using NETCONF. The SBC uses TCP/IP to communicate with the TACACS+ server.  

  • TACACS+ is similar to RADIUS in a number of ways.  Both are relatively insecure by today's cryptography standards since the TLS transport is not supported.
  • TACACS+ uses TCP for reliable communication, whereas RADIUS uses UDP.
  • TACACS+ separates out the Authorization functionality, while RADIUS combines both Authentication and Authorization functionality.

(The TACACS+ protocol is specified in RFC 8907 "The Terminal Access Controller Access-Control System Plus (TACACS+) Protocol")

To View Group Names List

On the SBC main screen, go to All > OAM > Tacacs Plus Authentication > Tacacs Plus Group Names. The Tacacs Plus Group Names List window is displayed.

To Create a Group Name

Click the New Tacacs Plus Group Names tab on the Tacacs Plus Group Names List panel. The Create New Tacacs Plus Group Names window is displayed.

Populate the fields and click Save.

Parameter

Length/Range

Description

Tacacs Plus Group Name

Up to 255 characters

<Name> – Enter the argument value returned from the TACACS+ query.

Sbc Group Name

1-23 characters

Enter the group name to use for logging onto the EMA. 

Examples:

  • Administrator
  • Calea
  • Field Service
  • Guest Operator
  • Security Auditor
  • Or any configured custom groups

To Edit Group Names

To edit a Group Name in the list, click the radio button next to it. The Edit Selected Tacacs Plus Group Names window is displayed.


 

Edit the Sbc Group Name field and click Save

To Copy a Group Name

To copy a Group Name in the list, click the radio button next to it. The Edit Selected Tacacs Plus Group Names window is displayed.

  1. Click the Copy Tacacs Plus Group Names tab. The Copy Selected Tacacs Plus Group Names window is displayed.
  2. Enter a new Tacacs Plus Group Name.
  3. Optionally change the Sbc Group Name.
  4. Click Save.

To Delete a Group Name

To delete a Group Name in the list, click the radio button next to it. 

  1. Click the "Delete" (error) button at the end of the row.
  2. When prompted, click Yes