Users with domain user role permissions can test a TACACS+ configuration before applying it. For more information, see "Test TACACS+ authentication (on page 83)."

The following table describes the fields within the TACACS+ Settings screen. Clicking another link in the pull-down menu or left navigation tree causes current edits that have not been applied to be lost.

Field

Description

 

 

Enable TACACS

Select to enable TACACS+ authentication.

Authentication

 

Enable TACACS

Select to enable command logging on the TACACS+ server.

Command Logging

 

Server Address

The IPv4 or IPv6 address, or the DNS host name of the TACACS+ server used for

 

authentication

 

 

Server SSL Port

The server TCP port number. Valid values include a valid port number between 1 and

 

65535. The default port is 49.

 

 

Server Timeout

The time in seconds that VCM should wait before timing out the request. If the request

 

to the primary server times out and a secondary server is configured, VCM attempts the

 

request on the secondary server. If the secondary server times out, the request fails. The

 

valid range of values is from 1 to 600 seconds. The default timeout is 10 seconds.

 

 

Server Key

A string to be used for encrypting user details. This is a shared secret text string that

 

must match between VCM and the TACACS+ server. The secret-key is a plain text string

 

of 1 to 128 characters.

 

 

Add/Remove

Select to add or remove a secondary TACACS+ server.

Secondary Server

 

To add a secondary server, select the Add/Remove Secondary Server check box to display the Secondary Server Parameters, complete the fields as described in the table above, and then click Apply. The secondary server is queried only if the primary server is down or the request to the primary server times out.

To remove a secondary server, select the Add/Remove Secondary Server check box to display the Secondary Server Parameters, clear the fields, and then click Apply.

Virtual Connect users and roles 80