Configure TACACS+ Server

Use Configure TACACS+ Server to set up a TACACS+ server that authenticates users for SFM sign-in.

TACACS+ (Terminal Access Controller Access Control System Plus) provides access control for routers, network access servers and other networked computing devices via one or more centralized servers.

TACACS+ provides separate authentication, authorization and accounting services, but the device uses only the authentication function of the TACACS+ server.

Before you can use TACACS+ authentication, you must have a functioning TACACS+ server on the network.

  1. Go to System & Monitor > System Settings > System > Authentication Server and select Add.
  2. Select Server Type as TACACS+ Server. If the user is required to authenticate using a TACACS+ server, the device needs to communicate with the TACACS+ server for authentication.
  3. Enter the details.
    Server Name
    Enter a name to identify the TACACS+ server.
    Server IP
    Specify the IPv4 address of the TACACS+ server.
    Port
    Specify the port number on the TACACS+ server to which the device sends the authentication request.
    Default - 49
    Shared Secret
    Provide the shared secret, which is used to encrypt information passed to the device.
    Figure: Add TACACS+ Server
  4. Click the Test Connection button to check connectivity between the TACACS+ server and the device.
  5. Click Save.
    • SFM will not fetch users directly from the TACACS+ server. The SFM admin must create each user with Authentication Type - External from System & Monitor > System Settings > Administration > User.
    • The device supports the CHAP and PAP authentication methods to authenticate L2TP/PPTP users against the TACACS+ server.
    • The device supports the PAP authentication protocol to authenticate Firewall/Administrator/VPN users against the TACACS+ server.
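
How the Shared Secret field and the PAP note above fit together on the wire, as an added example that is not part of the original documentation or the product's own code: it follows the TACACS+ body obfuscation defined in RFC 8907, where the shared secret seeds an MD5-derived pad that is XORed with the packet body, and for PAP that body carries the user's password. The user name, password, secret and session ID are constructed sample values, so a mismatched secret on either side shows up as an unreadable body.

```python
import hashlib
import struct

VERSION_PAP = 0xC1  # major version 0xC, minor version 1 (used for PAP)
TYPE_AUTHEN = 0x01  # packet type: authentication

def pseudo_pad(session_id, key, version, seq_no, length):
    """RFC 8907 pad: MD5(session_id, key, version, seq_no), chained with the previous digest."""
    seed = struct.pack("!I", session_id) + key + bytes([version, seq_no])
    pad, prev = b"", b""
    while len(pad) < length:
        prev = hashlib.md5(seed + prev).digest()
        pad += prev
    return pad[:length]

def obfuscate(body, session_id, key, version=VERSION_PAP, seq_no=1):
    """XOR the body with the pad; applying it again with the same inputs reverses it."""
    pad = pseudo_pad(session_id, key, version, seq_no, len(body))
    return bytes(b ^ p for b, p in zip(body, pad))

def pap_start_body(user, password):
    """Authentication START body; with PAP the password travels in the data field."""
    # action=LOGIN(1), priv_lvl=1, authen_type=PAP(2), service=LOGIN(1),
    # then the lengths of user, port (empty), rem_addr (empty) and data
    head = struct.pack("!8B", 1, 1, 2, 1, len(user), 0, 0, len(password))
    return head + user + password

def build_packet(user, password, session_id, key):
    """12-byte cleartext header followed by the obfuscated body."""
    body = obfuscate(pap_start_body(user, password), session_id, key)
    header = struct.pack("!BBBBII", VERSION_PAP, TYPE_AUTHEN, 1, 0, session_id, len(body))
    return header + body

def read_body(packet, key):
    """Receiver side: rebuild the pad from the header fields and the local secret."""
    version, _, seq_no, _, session_id, length = struct.unpack("!BBBBII", packet[:12])
    return obfuscate(packet[12:12 + length], session_id, key, version, seq_no)

if __name__ == "__main__":
    secret = b"constructed-shared-secret"      # constructed sample value
    pkt = build_packet(b"sfmadmin", b"constructed-password", 0x1A2B3C4D, secret)
    print("matching secret:", read_body(pkt, secret)[8:])
    print("wrong secret   :", read_body(pkt, b"other-secret")[8:])
```

Because the pad depends only on the header fields and the shared secret, the secret is the sole protection for the PAP password in transit.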