How to Configure TACACS+ Authentication

Terminal Access Controller Access-Control System Plus (TACACS+) is a TCP-based access control protocol for routers, network access servers, and other devices. Unlike RADIUS, TACACS+ separates authentication and authorization. TACACS+ provides centralized user and group management and offers extended logging options. TACACS+ supports multiple protocols, e.g., IP and AppleTalk.

Configure TACACS+

To configure TACACS+ for external authentication with the Barracuda CloudGen Firewall:

  1. Go to CONFIGURATION > Configuration Tree > Box > Infrastructure Services > Authentication Service.

  2. In the left navigation pane, select TACACS+ Authentication.

  3. Click Lock.

  4. Enable TACACS+ as an external directory service.

  5. In the TACACS+ IP Address table, add an entry for each TACACS+ server. You can edit the following settings:

    • TAC+ IP Address – IP address of the TACACS+ server.

    • TAC+ ID Port – ID port information, e.g., tty10.

    • TAC+ Server Port – TCP port of the TACACS+ server.

    • TAC+ Key – DES encryption key.

    • Timeout (s) – Authentication timeout in seconds.

    • TAC+ Login Type – TACACS+ login type (inbound).

  6. Click OK.

  7. If group information is queried from a different authentication scheme, select the scheme from the User Info Helper Scheme list.

  8. Click Send Changes and Activate.