TACACS+ Support
TACACS+ is an external authentication server used for verifying user credentials.
The TACACS+ (Terminal Access Controller Access-Control System Plus) protocol supports environments that are configured for authentication, authorization, and accounting (AAA) services. When TACACS+ is configured through the Visibility Manager interface, TACACS+ users can log in to the Visibility Manager interface.
Visibility Manager supports TACACS+ authentication in the following ways.
- Visibility Manager supports up to four TACACS+ servers for authentication purposes and contacts them in the order in which they were configured. When one server is unreachable, failover to the next server can occur.
- The user roles specified in the TACACS+ server configuration can be one of the following.
  - One of the supported Visibility Manager roles, System Admin and Network Operator. For more information, see User Roles.
  - A local TACACS+ role that you can map to Visibility Manager. For more information, see Map a TACACS+ Role.
- If TACACS+ authentication fails because an unsupported or unmapped role was assigned, the Network Operator role is assigned by default.
- Remote authentication must be enabled. For more information, see Manage TACACS+ Authentication for Web Interface Access. If remote authentication is not enabled, only local authentication is used.
- If remote authentication fails, Visibility Manager attempts to use local authentication, which is successful only if the user is in the Visibility Manager database.
- The secret key configured for Visibility Manager must be the same as the secret key from the TACACS+ server configuration file. Authentication fails if the two values do not match.
- Visibility Manager supports two TACACS+ authentication protocols.
  - CHAP: Challenge Handshake Authentication Protocol
  - PAP: Password Authentication Protocol
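
Why the secret key must match, as an added example that is not Visibility Manager code: per RFC 8907, the client and server never send the key itself but use it to derive the MD5 pad that masks each packet body, so a server holding a different key cannot decode a PAP login request. The session ID, keys, user name, password, port, and address below are constructed sample values.

```python
import hashlib
import struct

def pseudo_pad(session_id, key, version, seq_no, length):
    # RFC 8907: MD5_1 = MD5(session_id, key, version, seq_no);
    # MD5_n appends MD5_(n-1); the chain is truncated to the body length.
    seed = struct.pack("!I", session_id) + key + bytes([version, seq_no])
    pad, prev = b"", b""
    while len(pad) < length:
        prev = hashlib.md5(seed + prev).digest()
        pad += prev
    return pad[:length]

def obfuscate(body, session_id, key, version, seq_no):
    # XOR with the pad; applying it twice with the same key restores the body.
    pad = pseudo_pad(session_id, key, version, seq_no, len(body))
    return bytes(b ^ p for b, p in zip(body, pad))

def build_pap_start(user, password, port=b"web", rem_addr=b"192.0.2.10"):
    # Authentication START body: action=LOGIN(1), priv_lvl=1, type=PAP(2), service=LOGIN(1)
    fixed = bytes([1, 1, 2, 1, len(user), len(port), len(rem_addr), len(password)])
    return fixed + user + port + rem_addr + password

def parse_start(body):
    # Return the decoded fields, or None when the body is not a well-formed START.
    if len(body) < 8:
        return None
    action, _priv, authen_type, _svc, ul, pl, rl, dl = body[:8]
    if action != 1 or ul + pl + rl + dl != len(body) - 8:
        return None
    user = body[8:8 + ul]
    data = body[8 + ul + pl + rl:]
    return {"authen_type": authen_type, "user": user, "data": data}

# Constructed sample values (not from the product documentation).
SESSION_ID, VERSION, SEQ_NO = 0x1A2B3C4D, 0xC1, 1
CLIENT_KEY = b"example-shared-secret"
CLEAR = build_pap_start(b"alice", b"constructed-password")
WIRE = obfuscate(CLEAR, SESSION_ID, CLIENT_KEY, VERSION, SEQ_NO)

def server_view(server_key):
    # What a server holding server_key recovers from the client's packet.
    return parse_start(obfuscate(WIRE, SESSION_ID, server_key, VERSION, SEQ_NO))

if __name__ == "__main__":
    print("matching key:  ", server_view(CLIENT_KEY))
    print("mismatched key:", server_view(b"example-shared-secert"))
```

With PAP the password travels in the START body protected only by this pad, so the strength and secrecy of the shared key determine how well the password is protected in transit.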