User authentication: Terminal Access Controller Access-Control System Plus (TACACS+)
IX20 User Guide
Error: Unrecognised token on line 1
5. Restart the TACACS+ server:
$ sudo /etc/init.d/tacacs_plus restart
TACACS+ server failover and fallback to local authentication
In addition to the primary TACACS+ server, you can also configure your IX20 device to use backup
TACACS+ servers. Backup TACACS+ servers are used for authentication requests when the primary
TACACS+ server is unavailable.
Falling back to local authentication
With user authentication methods, you can configure your IX20 device to use multiple types of
authentication. For example, you can configure both TACACS+ authentication and local
authentication, so that local authentication can be used as a fallback mechanism if the primary and
backup TACACS+ servers are unavailable. Additionally, users who are configured locally but are not
configured on the TACACS+ server are still able to log into the device. Authentication methods are
attempted in the order they are listed until the first successful authentication result is returned;
therefore if you want to ensure that users are authenticated first through the TACACS+ server, and
only authenticated locally if the TACACS+ server is unavailable or if the user is not defined on the
TACACS+ server, then you should list the TACACS+ authentication method prior to the Local users
authentication method.
See User authentication methods for more information about authentication methods.
If the TACACS+ servers are unavailable and the IX20 device falls back to local authentication, only
users defined locally on the device are able to log in. TACACS+ users cannot log in until the TACACS+
servers are brought back online.
Configure your IX20 device to use a TACACS+ server
This section describes how to configure an IX20 device to use a TACACS+ server for authentication and
authorization.
Required configuration items
- Define the TACACS+ server IP address or domain name.
- Define the TACACS+ server shared secret.
- The group attribute configured in the TACACS+ server configuration.
- The service field configured in the TACACS+ server configuration.
- Add TACACS+ as an authentication method for your IX20 device.
Additional configuration items
- Whether other user authentication methods should be used in addition to the TACACS+ server,
  or if the TACACS+ server should be considered the authoritative login method.
- Enable command authorization, so that the device will communicate with the TACACS+ server
  to determine if the user is authorized to execute a specific command.
- Enable command accounting, so that the device will communicate with the TACACS+ server to
  log commands that the user executes.
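The method ordering described under "Falling back to local authentication" and the authoritative option listed above can be modelled as a small decision chain. This is an added example, not code from the IX20 guide or firmware; all function names and accounts are hypothetical, and it assumes that "authoritative" means a rejection from a reachable TACACS+ server stops the chain while an unreachable server does not.

```python
from enum import Enum

class Result(Enum):
    ACCEPT = "accept"
    REJECT = "reject"            # server answered and refused the login
    UNAVAILABLE = "unavailable"  # no server answered

# Constructed sample accounts, not taken from any real device or server.
TACACS_USERS = {"alice": "tac-pw"}
LOCAL_USERS = {"admin": "local-pw", "alice": "old-local-pw"}

def tacacs(user, password, servers_up):
    # Primary and backup servers are tried in turn; the method counts as
    # unavailable only when none of them responds.
    if not any(servers_up):
        return Result.UNAVAILABLE
    ok = TACACS_USERS.get(user) == password
    return Result.ACCEPT if ok else Result.REJECT

def local(user, password):
    ok = LOCAL_USERS.get(user) == password
    return Result.ACCEPT if ok else Result.REJECT

def login(user, password, methods, servers_up, authoritative=False):
    """Return the name of the method that accepted the login, or None."""
    for name in methods:
        if name == "tacacs+":
            result = tacacs(user, password, servers_up)
        else:
            result = local(user, password)
        if result is Result.ACCEPT:
            return name
        # Assumption: an authoritative TACACS+ rejection ends the chain,
        # while an unreachable server still lets later methods run.
        if name == "tacacs+" and authoritative and result is Result.REJECT:
            return None
    return None

def outcomes(methods, authoritative):
    cases = {
        "tacacs user, servers up": ("alice", "tac-pw", [True, True]),
        "primary down, backup up": ("alice", "tac-pw", [False, True]),
        "tacacs user, all servers down": ("alice", "tac-pw", [False, False]),
        "local-only user, servers up": ("admin", "local-pw", [True, True]),
        "stale local password, servers up": ("alice", "old-local-pw", [True, True]),
    }
    return {k: login(u, p, methods, s, authoritative)
            for k, (u, p, s) in cases.items()}
```

With TACACS+ listed first and not authoritative, the "stale local password" case is accepted by the local method even though the server refused it, so leftover local accounts on the device should be audited.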