TACACS+
Only users belonging to the Super Admin User Group, or users with write access to the GigaVUE‑FM Security Management category, can use the Authentication Server > TACACS+ page to add entries to GigaVUE‑FM’s list of available TACACS+ authentication servers.
You can add multiple TACACS+ servers. Servers are used as fallbacks in the same order they are specified – if the first server is unreachable, the second is tried, and so on, until all named servers have been used. If a server is reachable and authentication fails, the authentication process terminates.
Figure 1: TACACS+ Page
Note: If you are deploying GigaVUE‑FM inside AWS, make sure to provide the private IP address of GigaVUE‑FM to the TACACS+ server for authentication and not its public IP address.
Supported TACACS+ Servers
GigaVUE‑FM has been tested with the TACACS+ implementations provided by Cisco Secure ACS v5.4.0.46.0 and Cisco ISE v3.3.x. Although other versions and implementations may operate acceptably, they have not been tested.
TACACS+ Section: Controls and Fields
The TACACS+ server section has the following controls that allow you to manage the information that appears in the table.

| Controls | Description |
|---|---|
| Add Server | Allows you to add a new TACACS+ Server to the list. See Add a New TACACS+ Server for details. |
| Actions | Click the Actions drop-down to perform the following: Edit: Allows you to change the settings for an existing TACACS+ Server entry. Select a server’s entry and click Edit to open a dialog where you make the changes. Delete: Allows you to delete a TACACS+ Server entry. |
| Default Settings | Allows you to set default Shared Secret, Timeout, Retransmit, and Services options for TACACS+ Servers. When you add a new TACACS+ Server to the list, you have the option of accepting these default settings or providing custom values. |

Add a New TACACS+ Server
Add a new TACACS+ Server to GigaVUE‑FM’s list by clicking Add and setting the options on the Add TACACS Server page shown in Figure 2, Adding TACACS+ Server Settings.

Figure 2: Adding TACACS+ Server Settings

The following table describes the settings.

| Field | Description |
|---|---|
| Enabled | Specify whether this server is currently enabled for use with authentication requests. |
| Server IP/DNS Name | The IPv4/IPv6 address or the DNS name configured for this TACACS+ Server entry. The same IP address can be used for more than one TACACS+ server as long as they use different Auth Port values. |
| Auth Port | The UDP port number on which the TACACS+ server is running. If not specified, the port is set to the default TACACS+ port number of 49. |
| Auth Type | The authentication type used by the TACACS+ server. The valid values are: |
| Use defaults for following | Leave this box checked to accept the default values for the Key, Timeout, and Retransmit options configured by clicking the Edit Default button at the top of the TACACS+ page. Alternatively, you can leave this box unchecked and set custom values for the Key, Timeout, and Retransmit options in the respective fields. |
| Shared Secret | Specifies a shared secret string to be used for encryption of authentication packets sent between GigaVUE‑FM and this TACACS+ server. |
| Timeout | Specifies how long GigaVUE‑FM will wait for a response from this TACACS+ server to an authentication request before declaring a timeout failure. The valid range is 0-60 seconds; the default value is five seconds. |
| Retransmit | Specifies the number of times GigaVUE‑FM will attempt to authenticate with this TACACS+ server before moving on to the next authentication server or method. The valid range is 0-5; the default is two. Set to 0 to disable retransmissions. |
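
The fallback order described at the top of this page, combined with the Timeout and Retransmit fields above, can be modelled as follows to check which server decides a login and how long a user may wait first. This is an added example, not GigaVUE‑FM code; the server names and outcomes are constructed, and it assumes one initial attempt plus Retransmit retries per unreachable server and that disabled entries are skipped.

```python
from dataclasses import dataclass

# Simulated per-server outcomes (constructed labels, not product values).
UNREACHABLE, ACCEPT, REJECT = "unreachable", "accept", "reject"

@dataclass
class Server:
    name: str                   # hypothetical label for the list entry
    enabled: bool = True
    timeout: int = 5            # seconds; page default, valid range 0-60
    retransmit: int = 2         # page default, valid range 0-5
    outcome: str = UNREACHABLE  # simulated behaviour of this server

    def validate(self):
        if not 0 <= self.timeout <= 60:
            raise ValueError(f"{self.name}: timeout outside 0-60 seconds")
        if not 0 <= self.retransmit <= 5:
            raise ValueError(f"{self.name}: retransmit outside 0-5")

    def worst_case_wait(self):
        # Assumption: one initial attempt plus `retransmit` retries, each
        # waiting the full timeout before the server counts as unreachable.
        return self.timeout * (1 + self.retransmit)

def authenticate(servers):
    """Walk the list in configured order.

    Returns (result, decided_by, seconds_waited_on_unreachable_servers).
    """
    waited = 0
    for s in servers:
        s.validate()
        if not s.enabled:       # assumption: disabled entries are skipped
            continue
        if s.outcome == UNREACHABLE:
            waited += s.worst_case_wait()
            continue            # fall back to the next server in the list
        # A reachable server's answer is final: a reject terminates the
        # process, and later servers are never consulted.
        return s.outcome, s.name, waited
    return "all-unreachable", None, waited

# Constructed sample list, in configured order.
SAMPLE = [
    Server("tac-primary", outcome=UNREACHABLE),
    Server("tac-disabled", enabled=False, outcome=ACCEPT),
    Server("tac-secondary", timeout=3, retransmit=0, outcome=REJECT),
    Server("tac-tertiary", outcome=ACCEPT),
]

if __name__ == "__main__":
    print(authenticate(SAMPLE))
```

With the sample list, the reject from the second enabled server ends the process after a 15-second wait on the primary, and the third server's accept is never reached.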



