Terminal Access Controller Access-Control System Plus (TACACS+) is a TCP-based access control protocol for routers, network access servers, and other devices. Unlike RADIUS, TACACS+ handles authentication and authorization separately. TACACS+ provides centralized user and group management and offers extended logging options. TACACS+ supports multiple protocols, e.g., IP and AppleTalk.
Configure TACACS+
To configure TACACS+ for external authentication with the Barracuda CloudGen Firewall:
- Go to CONFIGURATION > Configuration Tree > Box > Infrastructure Services > Authentication Service.
- In the left navigation pane, select TACACS+ Authentication.
- Click Lock.
- Enable TACACS+ as external directory service.
- In the TACACS+ IP Address table, add an entry for each TACACS+ server. You can edit the following settings:
  - TAC+ IP Address – IP address of the TACACS+ server.
  - TAC+ ID Port – ID Port information, e.g., tty10.
  - TAC+ Server Port – TCP port of the TACACS+ server.
  - TAC+ Key – DES encryption key.
  - Timeout (s) – Authentication timeout in seconds.
  - TAC+ Login Type – TACACS+ login type (inbound).
- Click OK.
- If group information is queried from a different authentication scheme, select the scheme from the User Info Helper Scheme list.
- Click Send Changes and Activate.