User guide
3. Click Authenticationin the top navigation bar. The User Authentication Services window
will open.
4. Click Add. The Add Authentication Service Wizard will appear.
5. The Provide Authentication Service Name and Type window will open.
a. Type a 1-64 character name for the TACACS+ authentication service.
b. Select TACACS+ from the Type menu.
c. Click Next.
6. The Specify TACACS+ Connection Settings window will open.
a. Type the address of the TACACS+ host or type the DNS host name in the Server
Address field.
b. Type the number of the port (from 1-65535) connecting to the TACACS+ host in the
Port Number field. The default port is 49.
c. Click Next.
7. The Establish Connection with Authentication Service window will open briefly. If the
external authentication service is contacted successfully, the Specify TACACS+
Authentication Settings window will open.
a. Select the authentication type from the Authentication Type menu. Make sure it is one
of the available authentication types noted in step 1.
PAP - Password Authentication Protocol
CHAP - Challenge Handshake Authentication Protocol (default)
MS-CHAP - Microsoft Challenge Handshake Authentication Protocol
b. In the Shared Secret field, type the shared secret (configured on the TACACS+ server
in step 1), which is a password protected field. (For the shared secret, Microsoft’s
implementation allows up to 128 ASCII characters and Cisco’s implementation allows
up to 32 ASCII characters; other servers may have a different limit.)
NOTE: If you change the authentication type, you will be required to enter the shared secret.
c. Re-enter the shared secret in the Confirm Shared Secret field.
d. Click Next.
8. The Specify TACACS+ Group Authorization Method window will open.
a. Click the corresponding radio button to choose one of the following options to
manage group authorization:
Chapter 6: Authentication Services 107