Auth/RADIUS/TACACS+ Tab

Administration > General Settings > Users & Authentication > Auth/RADIUS/TACACS+

This tab displays the configured settings for authentication and authorization.

If the appliance relies on either a RADIUS or TACACS+ server for those services, those settings are also reported.

All settings are initially applied via the Auth/RADIUS/TACACS+ configuration template.

Authentication and Authorization

Authentication and Authorization Fields

Field	Description
Appliance	Name of the appliance selected.
Authentication Order	When it is possible to validate against more than one database (local, RADIUS server, TACACS+ server), Authentication Order specifies which method to try in what sequence: Authentication Order First, Order Second, and Order Third.
Authorization Map Order	Map ordering determines which server is used first. Select the map ordering from the drop-down list: Local-Only, Remote-First, and Remote-Only. The default (and recommended) value is Remote-First.
Authorization Default Role	Default role assigned for authorization. The default (and recommended) value is admin.
Authentication	Process of validating that the end user, or a device, is who they claim to be.
Authorization	Action of determining what a user is allowed to do. Generally, authentication precedes authorization.
Map Order	Default (and recommended) value is Remote First.

RADIUS and TACACS+

RADIUS and TACACS+ Server Fields

Field	Description
Server Type	RADIUS or TACACS+.
Auth Port	For RADIUS, the default value is 1812. For TACACS+, the default value is 49.
Auth Type	[TACACS+] The options are pap or ascii.
Timeout	If a logged-in user is inactive for an interval that exceeds the inactivity time-out, the appliance logs them out and returns them to the login page. You can change that value, as well as the maximum number of sessions, in the Session Management template.
Retries	Number of attempts allowed before lockout.
Enabled	Whether or not the server is enabled.

Auth/RADIUS/TACACS+ Edit Row

Select the Authentication Order and Authorization information in this dialog box. You can also add a RADIUS and TACACS+ Server by clicking Add under each section.

Authentication Order

Choose which authentication database you want to be First, Second, and Third from the designated drop-down lists.

Authorization Information

Select the Map Order and the Default Role from the designated drop-down lists.

This tab displays the configured settings for authentication and authorization.

If the appliance relies on either a RADIUS or TACACS+ server for those services, those settings are also reported.

All settings are initially applied via the Auth/RADIUS/TACACS+ configuration template.

Authentication and Authorization

Authentication and Authorization Fields

Field	Description
Authentication	Process of validating that the end user, or a device, is who they claim to be.
Authorization	Action of determining what a user is allowed to do. Generally, authentication precedes authorization.
Authentication Order	When it is possible to validate against more than one database (local, RADIUS server, TACACS+ server), Authentication Order specifies which method to try in what sequence. Default is Local-first.
Map Order	Default (and recommended) value is Remote First.
Default Role	Default (and recommended) value is admin.

RADIUS and TACACS+

RADIUS and TACACS+ Server Fields

Field	Description
Order	Method RADIUS and TACAC+ specifies first– local first.
Auth Port	For RADIUS, the default value is 1812. For TACACS+, the default value is 49.
Auth Type	[TACACS+] The options are pap or ascii.
Enabled	Whether or not the server is enabled.
Retries	Number of attempts allowed before lockout.
Server Type	RADIUS or TACACS+.
Timeout	If a logged-in user is inactive for an interval that exceeds the inactivity time-out, the appliance logs them out and returns them to the login page. You can change that value, as well as the maximum number of sessions, in the Session Management template.