
You can add multiple TACACS+ servers to the TACACS+ authentication server group. NIOS sends authentication requests to the TACACS+ servers in the order they are listed, starting with the first server on the list. If that server is unreachable or generates an error, NIOS sends the request to the next server in the list that has not been previously queried, and so on. NIOS logs an error message in syslog if all servers have been queried and they all generate errors or are unreachable.

To configure a TACACS+ authentication server group:

  1. From the Administration tab, click the Authentication Server Groups tab.

  2. Click the TACACS+ Services subtab and click the Add icon.

  3. In the Add TACACS+ Service wizard, complete the following:

    • Name: Enter a name for the server group.

    • TACACS+ Servers: Click the Add icon and complete the following:

      • Server Name or IP address: The name or IP address of the TACACS+ server.

      • Comment: You can enter additional information about the server.

      • Port: The TCP destination port for TACACS+ communication. This port is used for authentication, accounting and authorization packets. The default is port 49.

      • Authentication Type: Select ASCII, PAP or CHAP. The default is CHAP.

      • Shared Secret: The shared key that the NIOS appliance and the TACACS+ server use to encrypt and decrypt messages.

      • Enable Accounting: Select this to enable NIOS to send accounting information to the TACACS+ server.

      • Connect through Management Interface: Select this checkbox to enable the appliance to use the MGMT port to communicate with the TACACS+ server. Ensure that the MGMT port is configured. Otherwise, the appliance will use the LAN interface.

      • Disable Server: Select this to prevent queries from being sent to this server. You can retain the configuration, but disable the service.

      Click Test to test the configuration. Click Add to add the TACACS+ server to the list.

      When you add multiple TACACS+ servers, the appliance lists the servers in the order you added them. This list also determines the order in which the NIOS appliance attempts to contact a TACACS+ server. You can move a server up or down the list by selecting it and clicking the up or down arrow.

      • Authentication/Authorization: Optionally, modify the authentication and authorization settings. These settings apply to all TACACS+ servers that you configure on the NIOS appliance.

        • Timeout(s): Specify the number of seconds or milliseconds that the appliance waits for a response from the TACACS+ server before it tries to contact it again. The default and minimum is 5000, and the maximum is 60000.

        • Retries: Specify how many times NIOS attempts to contact a TACACS+ server and fails before it tries to contact the next server on the list. The default is 0. The maximum is 5.

      • Accounting: Optionally, modify the Accounting settings.

        • Timeout(s): Specify the number of seconds or milliseconds that the appliance waits for a response from the TACACS+ server before the server is retried. The default and minimum is 1000, and the maximum is 30000.

        • Retries: Specify how many times the appliance attempts to contact an accounting TACACS+ server and fails before it tries to contact the next accounting server on the list. The default is 0. The maximum is 5.

      • Comment: Enter additional information about the service.

      • Disable: Select this to retain an inactive TACACS+ authentication service profile.

  4. Save the configuration.
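
The server ordering, Disable Server, Timeout(s) and Retries settings described above interact, and the following added example (a model written for this page, not NIOS code) walks the list the way the text describes and computes how long a login can stall when every server is down. The `send` callback, the server names, and the reading of Retries as "one initial attempt plus N retries" are assumptions.

```python
from dataclasses import dataclass

# Bounds for the Authentication/Authorization settings as stated on this page.
TIMEOUT_RANGE = (5000, 60000)
RETRIES_RANGE = (0, 5)

@dataclass
class Server:
    name: str
    disabled: bool = False

def validate(timeout, retries):
    """Reject values outside the documented ranges."""
    if not TIMEOUT_RANGE[0] <= timeout <= TIMEOUT_RANGE[1]:
        raise ValueError(f"timeout {timeout} outside {TIMEOUT_RANGE}")
    if not RETRIES_RANGE[0] <= retries <= RETRIES_RANGE[1]:
        raise ValueError(f"retries {retries} outside {RETRIES_RANGE}")

def authenticate(servers, send, timeout=5000, retries=0):
    """Walk the list in order; return (answering_server_or_None, attempt_log).

    send(server, timeout) is a hypothetical transport callback that returns
    True on a reply and False on an error or no response.
    Assumption: retries=N means 1 initial attempt plus N retries per server.
    """
    validate(timeout, retries)
    log = []
    for srv in servers:
        if srv.disabled:  # Disable Server: kept in the config, never queried
            continue
        for attempt in range(retries + 1):
            log.append((srv.name, attempt))
            if send(srv, timeout):
                return srv.name, log
    log.append(("syslog", "all TACACS+ servers unreachable or in error"))
    return None, log

def worst_case_wait(servers, timeout=5000, retries=0):
    """Upper bound, in the timeout's own unit, before the failure is logged."""
    validate(timeout, retries)
    enabled = sum(1 for s in servers if not s.disabled)
    return enabled * (retries + 1) * timeout

# Constructed sample group: names are placeholders, not from the page.
GROUP = [Server("tac-a"), Server("tac-b", disabled=True), Server("tac-c")]
```

With the maximum timeout and retries, each enabled server in the group multiplies the delay before the syslog error appears, which is worth weighing against how quickly administrators need a failed login to surface.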