Home NetBrain Product One-Skill-at-a-Time Search Mark Forums Read
Go BackThe Net-BrainerNetBrain Product How to configure External Authentication Server (TACACS+) in NetBrain

Thread Tools Search this Thread Display Modes
Old 01-22-2015, 05:31 AM
admin admin is offline
Join Date: May 2009
Posts: 59
Default How to configure External Authentication Server (TACACS+) in NetBrain

Here is a detailed instruction to configure the TACACS+ authentication in Netbrain:

From NetBrain Customer License Server webpage (http://<IP or domain name of Customer License Server>/netbrain), switch to User Accounts tab and click External Authentication Server tab to display the page of external authentication setting

(1) Enable TACACS+ Authenticate: Check the checkbox of Enable External Authentication, and then click the Radio Button ahead of TACACS+ Authenticate to enable TACACS+ Authenticate setting pane.

(2) TACACS+ Authentication Setup

Primary Server IP: Enter the IP address that you have configured for your primary TACACS+ server, such as

Secondary Server IP: If you have a backup TACACS+ server configured, please enter its IP address in this filed. If not, just leave it empty. The secondary authentication Server will be used when the access to the primary server is not available.

Server Port: TACACS+ server will listen for TACACS+ authentication requests and respond to these requests on this port. The default port number of TACACS+ server is 49 and you could set a different port number when you configure your TACACS+ server, but please make sure that the server port number you enter here is totally same with the port number that you have set in your TACACS+ server configuration.

Secret Key: The password used to access your TACACS+ server. This password is configured on your TACACS+ server and please make sure the password that you enter in this filed is matched with the one that you have configured on the TACACS+ server

Login Mode: Login mode is the authentication method used to encrypt communications between the Network Automation and the TACACS+ server. There are four types of login modes we support: Standard ASCII, PAP, CHAP and MS-CHAP-v1. Please make one of these four authentication methods your choice when you configure TACACS+ server authentication method.

Authentication Timeout: the time interval between sending authentication password and getting authentication response from TACACS+ server.The default time is 5 seconds. If the authentication time exceeds 5 seconds, it will be treated as authentication timeout and an error will be displayed. This time is customizable.

Initial role of new users:
you could assign roles for new users and there are four types of roles: Admins, PowerUsers, engineers and Guests, which are the same with role names under "Role" tab next to the "External Authentication Server" tab. You could choose multiple roles for new users and the roles you choose here will just apply to new users, which means that the setting here will not affect the users already existed in role name list under “User” tab.

(3) Test TACACS+ server: after the settings above, click “Submit” button and a test window will pop up. Enter an account and password that you have added in your TACACS+ server and click “Test” button to check whether your TACACS+ server works.

Note: After finishing adding and testing TACACS+ server in CLS webpage, the users that you have configured in your TACACS+ server will not be automatically added to user list under “User” tab in your Customer License Server webpage unless these users have been authenticated by TACACS+ server and logged into workstation successfully.
Reply With Quote


Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Forum Jump

All times are GMT -4. The time now is 02:29 PM.
Powered by vBulletin
Copyright © 2000-2010 Jelsoft Enterprises Limited.
Copyright © 2009 NetBrain, Inc. All rights reserved.