The Net-Brainer

The Net-Brainer (
-   NetBrain Product (
-   -   How to configure External Authentication Server (TACACS+) in NetBrain (

admin 01-22-2015 05:31 AM

How to configure External Authentication Server (TACACS+) in NetBrain

Here is a detailed instruction to configure the TACACS+ authentication in Netbrain:

From NetBrain Customer License Server webpage (http://<IP or domain name of Customer License Server>/netbrain), switch to User Accounts tab and click External Authentication Server tab to display the page of external authentication setting

(1) Enable TACACS+ Authenticate: Check the checkbox of Enable External Authentication, and then click the Radio Button ahead of TACACS+ Authenticate to enable TACACS+ Authenticate setting pane.

(2) TACACS+ Authentication Setup

Primary Server IP: Enter the IP address that you have configured for your primary TACACS+ server, such as

Secondary Server IP: If you have a backup TACACS+ server configured, please enter its IP address in this filed. If not, just leave it empty. The secondary authentication Server will be used when the access to the primary server is not available.

Server Port: TACACS+ server will listen for TACACS+ authentication requests and respond to these requests on this port. The default port number of TACACS+ server is 49 and you could set a different port number when you configure your TACACS+ server, but please make sure that the server port number you enter here is totally same with the port number that you have set in your TACACS+ server configuration.

Secret Key: The password used to access your TACACS+ server. This password is configured on your TACACS+ server and please make sure the password that you enter in this filed is matched with the one that you have configured on the TACACS+ server

Login Mode: Login mode is the authentication method used to encrypt communications between the Network Automation and the TACACS+ server. There are four types of login modes we support: Standard ASCII, PAP, CHAP and MS-CHAP-v1. Please make one of these four authentication methods your choice when you configure TACACS+ server authentication method.

Authentication Timeout: the time interval between sending authentication password and getting authentication response from TACACS+ server.The default time is 5 seconds. If the authentication time exceeds 5 seconds, it will be treated as authentication timeout and an error will be displayed. This time is customizable.

Initial role of new users:
you could assign roles for new users and there are four types of roles: Admins, PowerUsers, engineers and Guests, which are the same with role names under "Role" tab next to the "External Authentication Server" tab. You could choose multiple roles for new users and the roles you choose here will just apply to new users, which means that the setting here will not affect the users already existed in role name list under “User” tab.

(3) Test TACACS+ server: after the settings above, click “Submit” button and a test window will pop up. Enter an account and password that you have added in your TACACS+ server and click “Test” button to check whether your TACACS+ server works.

Note: After finishing adding and testing TACACS+ server in CLS webpage, the users that you have configured in your TACACS+ server will not be automatically added to user list under “User” tab in your Customer License Server webpage unless these users have been authenticated by TACACS+ server and logged into workstation successfully.

All times are GMT -4. The time now is 11:24 PM.

Powered by vBulletin® Version 3.8.2
Copyright ©2000 - 2020, Jelsoft Enterprises Ltd.
Copyright © 2009 NetBrain, Inc. All rights reserved.