The router will utilize a Terminal Access Controller Access-Control System Plus (TACACS+) server or servers to determine administration authorization.
The NetCloud OS (NCOS) implementation of TACACS+ uses only the TACACS+ authentication functionality and does not include TACACS+ authorization or accounting functions.
Note
TACACS+ is supported for IPv6.
Complete the steps in Configuring Advanced Authentication Options.
Select from the Authentication Mode drop-down menu.
Set the Server Timeout value (using seconds) in the TACAS+ Settings section. This setting specifies the amount of time the Ericssson Cradlepoint router waits before ending the authentication session to the TACACS+ server.
Select the Authentication Service:
(plain text).
– Password Authentication Protocol.
– Challenge Handshake Authentication Protocol. CHAP provides the best security.
In the Server 1 area, configure Server 1.
Enter an address for the TACACS+ server in the Server Address field. The server address can be either an IP address or a Fully Qualified Domain Name (FQDN).
Note
If using a FQDN, ensure that the Ericsson Cradlepoint router can resolve the DNS name for the TACACS+ server by using the Ping tool under > > . Run the same test when configuring an IP address to verify connectivity to that IP address.
In the Port field, set the port value used on the TACACS+ server. The default port is TCP port 49 but can be changed if the TACACS+ server is configured to use a different port number.
Enter the Shared Secret password configured on the TACACS+ server.
(Optional) Repeat steps 1–4 for a Server 2. Configuring a second server is optional, but it is recommended to provide uninterrupted device access if communication is lost with Server 1.
Note
The Ericsson Cradlepoint router requires the TACACS+ server to return a privileged level of "15" or "root" when authenticating users. All other privileges will fail to allow authentication to the Ericsson Cradlepoint router.