Troubleshooting guide

1-16
Cisco Wide Area Application Services Configuration Guide
OL-26579-01
Chapter 1 Configuring Administrative Login Authentication, Authorization, and Accounting
Configuring Administrative Login Authentication and Authorization
Note: This caveat applies even if the WAAS users are using TACACS+ for login authentication.
To centrally configure TACACS+ server settings on a WAAS device or device group, follow these steps:
Step 1 From the WAAS Central Manager menu, choose Devices > device-name (or Device Groups > device-group-name).
Step 2 Choose Configure > Security > AAA > TACACS+. The TACACS+ Server Settings window appears.
Note: The TACACS+ server configuration cannot be modified or deleted when AAA Command Authorization is enabled.
Step 3 Check the Use ASCII Password Authentication check box to use the ASCII password type for authentication.
The default password type is PAP (Password Authentication Protocol). However, you can change the password type to ASCII when the authentication packets are to be sent in ASCII cleartext format.
Step 4 In the Time to Wait field, specify how long the device should wait before timing out. The range is from 1 to 20 seconds. The default value is 5 seconds.
Step 5 In the Number of Retransmits field, specify the number of attempts allowed to connect to a TACACS+ server. The range is 1 to 3 times. The default value is 2 times.
Step 6 In the Security Word field, enter the secret key that is used to communicate with the TACACS+ server.
Note: If you configure a TACACS+ key on the WAAS device (the TACACS+ client), make sure that you configure an identical key on the external TACACS+ server. Do not use the following characters: space, backwards single quote (`), double quote ("), pipe (|), number sign (#), question mark (?), or backslash (\). The key is limited to 32 characters.
Step 7 In the Primary Server field, enter an IP address or hostname for the primary TACACS+ server.
If you want to change the default port (49), enter the port in the Primary Server Port field.
Step 8 In the Secondary Server field, enter an IP address or hostname for a secondary TACACS+ server.
If you want to change the default port (49), enter the port in the Secondary Server Port field.
Step 9 In the Tertiary Server field, enter an IP address or hostname for a tertiary TACACS+ server.
If you want to change the default port (49), enter the port in the Tertiary Server Port field.
Note: You can specify up to two backup TACACS+ servers.
Step 10 Click Submit to save the settings.
You can now enable TACACS+ as an administrative login authentication and authorization method for this WAAS device or device group, as described in the “Enabling Administrative Login Authentication and Authorization Schemes for WAAS Devices” section on page 1-26.
To configure TACACS+ settings from the CLI, you can use the tacacs global configuration command.
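The limits stated in Steps 4 through 9 and in the Step 6 note can be checked before the values are entered on the device and on the TACACS+ server. The following Python check is an added example, not part of the Cisco guide or of WAAS; the function name, parameter names and sample values are hypothetical, and the duplicate-server and port-range checks are added sanity checks that the guide does not state.

```python
# Limits below are the ones stated in Steps 4 to 9 and the Step 6 note.
FORBIDDEN_KEY_CHARS = set(' `"|#?\\')
MAX_KEY_LEN = 32
MAX_SERVERS = 3          # primary, secondary, tertiary
DEFAULT_PORT = 49


def check_tacacs_plan(key, servers, timeout=5, retransmits=2):
    """Return a list of problems; an empty list means the plan fits the limits.

    servers: ordered list of (host, port) tuples, primary first; port may be
    None to mean the default. Function and parameter names are hypothetical.
    """
    problems = []
    if len(key) > MAX_KEY_LEN:
        problems.append(f"key has {len(key)} characters, limit is {MAX_KEY_LEN}")
    bad = sorted(FORBIDDEN_KEY_CHARS & set(key))
    if bad:
        # Name the offending characters only; never echo the secret itself.
        problems.append("key uses forbidden characters: " + " ".join(map(repr, bad)))
    if not 1 <= timeout <= 20:
        problems.append(f"timeout {timeout} s is outside 1 to 20")
    if not 1 <= retransmits <= 3:
        problems.append(f"retransmits {retransmits} is outside 1 to 3")
    if not 1 <= len(servers) <= MAX_SERVERS:
        problems.append(f"{len(servers)} servers given, expected 1 to {MAX_SERVERS}")
    seen = set()
    for host, port in servers:
        port = DEFAULT_PORT if port is None else port
        if not host or any(c.isspace() for c in host):
            problems.append(f"server entry {host!r} is not a usable address or hostname")
        if not 1 <= port <= 65535:
            problems.append(f"port {port} for {host!r} is not a valid TCP port")
        # Added sanity check: a repeated entry provides no backup.
        if (host.lower(), port) in seen:
            problems.append(f"{host}:{port} is listed more than once")
        seen.add((host.lower(), port))
    return problems


if __name__ == "__main__":
    # Constructed sample values, not taken from any real deployment.
    plan = [("192.0.2.10", None), ("tacacs2.example.net", 49)]
    print(check_tacacs_plan("Example-Key_2024", plan))
    print(check_tacacs_plan("bad key#1", plan * 2, timeout=30))
```

Running the same check against the key that will be configured on the external TACACS+ server helps confirm that both sides can hold an identical value.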