Nokia Network Voyager for IPSO 4.0 Reference Guide 321If all the attempts do not make a reliable connection within the timeout period, the clientstops trying to contact the RADIUS server. The default is 3.NoteThe maximum tries value includes the first attempt. For example, a value of 3 means theclient makes two additional attempts to contact the RADIUS server after the firstattempt.13. Click Apply, and then click Save to make your changes permanent.Repeat steps 1 through 14 to configure additional RADIUS authentication profiles. You mustconfigure a RADIUS authentication server for each profile even if you associate the new profilewith a server that you previously configured for an existing RADIUS authentication profile.Repeat steps 8 through 14 of this procedure to configure additional AAA RADIUSauthentication servers only.Configuring TACACS+The TACACS+ authentication mechanism allows a remote server that is not part of IPSO toauthenticate users (checks passwords) on behalf of the IPSO system. TACACS+ encryptstransmitted passwords and other data for security.In the IPSO 3.6 release, TACACS+ is supported for authentication only, and not for accounting.Challenge-response authentication, such as S/Key, over TACACS+ is not supported by IPSO atthis time.You can configure TACACS+ support separately for various services. The Network Voyagerservice is one of those for which TACACS+ is supported and is configured as the httpd service.When TACACS+ is configured for use with a service, IPSO contacts the TACACS+ server eachtime it needs to check a user password. For the Network Voyager service this occurs for eachHTTP request (every page view). If the server fails or is unreachable, the password is notrecognized and you are not allowed access. In Network Voyager, this denial is effectiveimmediately. Before you change the Network Voyager configuration, confirm any newconfiguration.To configure TACACS+ servers for a single authentication profile1. Click AAA under Configuration > Security and Access in the tree view.2. In the Auth. Profile section, enter a name for the TACACS+ service in the New Auth. Profiletext box.For more information, see “Creating an Authentication Profile.”3. Click Type and select TACPLUS from the drop-down list as the type of service.4. Click Control and select required, requisite, sufficient, optional or NOKIA-SERVER-AUTH-SUFFICIENT from the drop-down list to determine the level of authentication toapply to a profile.For more information, see “Profile Controls.”
