Configure AAA TACACS Server Information

You must be in the process of configuring a new AAA TACACS policy or modifying an existing policy to use this procedure.

Use this procedure to configure or modify server information for an AAA TACACS policy.

Choose from the following actions:
- If you are in the process of configuring a new AAA TACACS policy, proceed to the next step.
- If you want to edit server information settings for an AAA TACACS policy, go to Policies > AAA TACACS.
  
  Select adjacent to the target AAA TACACS policy. Modify the settings in the Server Info tab in accordance with the steps in this procedure.
Select the Server Info tab.
In the Authentication pane, select Add to assign an authentication server. Configure the server parameters as described in AAA TACACS Policy - Authentication, Authorization, and Accounting Server Parameters.
In the Authorization pane, select the server which is to receive authorization requests. Options include:
- <None>
- authenticated-server-host (default)
- authenticated-server-number
If you choose <None> or authenticated-server-number, select Add to assign an authorization server. Configure the server parameters as described in AAA TACACS Policy - Authentication, Authorization, and Accounting Server Parameters.
In the Accounting pane, select the server which is to receive accounting requests. Options include:
- <None>
- authenticated-server-host (default)
- authenticated-server-number
- authorized-server-host
- authorized-server-number
If you choose <None>, authenticated-server-number, or authorized-server-number, select Add to assign an accounting server. Configure the server parameters as described in AAA TACACS Policy - Authentication, Authorization, and Accounting Server Parameters.
After you have completed configuring the settings, choose from the following actions:
1. Select Revert to restore default settings.
  
  Note
  You cannot restore default settings after applying or saving changes.
2. Select Apply to commit the configured settings.
  
  Note
  This does not permanently save the settings you configured. If you perform a Reload (warm reboot), applied settings will be lost.
3. Select Save to commit and save the configured settings.
  
  Note
  
  If you do not select Apply or Save, the settings that you configured are not saved when you move away from the configuration window.

Use the information provided in the following table to complete steps 3 through 5 of this procedure.

Table 1. AAA TACACS Policy - Authentication, Authorization, and Accounting Server Parameters
Parameter	Description
Server Id	Set numerical server index (1 – 2) for the authentication server when added to the list of available TACACS authentication server resources.
Host	Specify the IP address or hostname of the AAA TACACS server.
Port	Define or edit the port on which the AAA TACACS server listens to traffic. The port range is 1 – 65,535. The default port is 49.
Secret	Specify (and confirm) the secret (password) used for authentication between the selected AAA TACACS server and the controller, service platform or access point. By default the secret is displayed as asterisks. To see the secret being entered, or to view it later, select .
Request Timeout	Specify the time for the re-transmission of request packets after an unsuccessful attempt. The default is 3 seconds. If the set time is exceeded, the authentication session is terminated.
Request Attempts	Set the number of connection request attempts to the TACACS server before it times out of the authentication session. The available range is 1 – 10. The default is 3.
Retry Timeout Factor	Set the scaling of retransmission attempts in the range 50 – 200 seconds. The timeout at each attempt is the function of the retry timeout factor and the attempt number. The default value (100) implies a constant timeout on each retry. Smaller values indicate more aggressive (shorter) timeouts. Larger numbers define more conservative (larger) timeouts on each successive attempt. The default is 100.