Terminal Access Controller Access Control System Plus (TACACS+) is used to secure access to the switch. It provides two types of service: authentication and authorization. The exchanges between the switch and the TACACS+ server are encrypted. The switch must be configured as a client of the TACACS+ server. TACACS+ supports only IPv4. Users who have privilege level 15 on the TACACS+ server can operate the switch.
This document explains how to configure the TACACS+ parameters on the Sx500 switch. Note that TACACS+ servers cannot be used as 802.1X authentication servers.
Default Parameters
Step 1. Log in to the web configuration utility, and choose Security > TACACS+. Click Add.
The TACACS+ page opens.
Note: The IP Version field gives the IP version supported. TACACS+ supports only IP Version 4.
Step 2. Two text modes are available; click the desired text mode and enter the key string value in the Key String field. This key is used for communication with all TACACS+ servers. The switch can be configured to use either the key given here or a key given for a specific server; the key for a specific server is entered in the Add TACACS+ server page.
Note: If no key string is entered in this field, then the server key entered in the Add TACACS+ server page must match the encryption key configured on the TACACS+ server. If a key string is entered both in this field and for a specific TACACS+ server, the key string configured for the specific server takes priority.
Step 3. Enter the desired default value in the Timeout for Reply field. This is how long the switch waits for a reply from the TACACS+ server before the connection between the switch and the server times out. If no value is entered for a particular server in the Add TACACS+ server page, the value from this field is used.
Step 4. Click Apply. The default TACACS+ settings are added to the Running Configuration file.
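To show what the key string configured above actually does on the wire, here is an added Python example (not Cisco's or the Sx500's own code) that builds a TACACS+ authentication START packet and applies the body obfuscation defined in RFC 8907 with a shared key. The session id, user name, port, address and key values are constructed for the demonstration. It illustrates the note above: a mismatched key does not produce an error on its own, it produces a body whose fields no longer parse, which is why the switch and the server must hold identical keys.

```python
import hashlib
import struct

# TACACS+ constants from RFC 8907 (added example, not the switch's own code).
TAC_PLUS_VERSION = 0xC0           # major version 0xC, minor version 0x0
TAC_PLUS_AUTHEN = 0x01            # packet type: authentication
TAC_PLUS_UNENCRYPTED_FLAG = 0x01  # header flag: body is sent in clear
TAC_PLUS_AUTHEN_LOGIN = 0x01
TAC_PLUS_AUTHEN_TYPE_ASCII = 0x01
TAC_PLUS_AUTHEN_SVC_LOGIN = 0x01
HEADER_FMT = "!BBBBII"            # version, type, seq_no, flags, session_id, length


def pseudo_pad(session_id: int, key: bytes, version: int, seq_no: int, length: int) -> bytes:
    """MD5 pseudo-pad of RFC 8907 section 4.5: MD5_1 = MD5(session_id, key, version, seq_no),
    MD5_n = MD5(session_id, key, version, seq_no, MD5_{n-1}), concatenated and truncated to
    the body length. The shared key enters the packet only through this pad."""
    pad, prev = b"", b""
    while len(pad) < length:
        prev = hashlib.md5(struct.pack("!I", session_id) + key + bytes([version, seq_no]) + prev).digest()
        pad += prev
    return pad[:length]


def obfuscate(body: bytes, session_id: int, key: bytes, version: int, seq_no: int) -> bytes:
    """XOR the body with the pseudo-pad; the same call both hides and recovers a body."""
    pad = pseudo_pad(session_id, key, version, seq_no, len(body))
    return bytes(b ^ p for b, p in zip(body, pad))


def authen_start_body(user: str, port: str, rem_addr: str, priv_lvl: int = 15) -> bytes:
    """Authentication START body (RFC 8907 section 5.1) for an ASCII login at the given
    privilege level; the page notes that level 15 users can operate the switch."""
    u, p, r = user.encode(), port.encode(), rem_addr.encode()
    fixed = struct.pack("!BBBBBBBB", TAC_PLUS_AUTHEN_LOGIN, priv_lvl, TAC_PLUS_AUTHEN_TYPE_ASCII,
                        TAC_PLUS_AUTHEN_SVC_LOGIN, len(u), len(p), len(r), 0)
    return fixed + u + p + r


def build_packet(body: bytes, session_id: int, key: bytes, seq_no: int = 1) -> bytes:
    """Header plus body. An empty key means the body travels in clear and the
    TAC_PLUS_UNENCRYPTED_FLAG is set, which a server that has a key configured rejects."""
    flags, payload = 0, body
    if key:
        payload = obfuscate(body, session_id, key, TAC_PLUS_VERSION, seq_no)
    else:
        flags |= TAC_PLUS_UNENCRYPTED_FLAG
    header = struct.pack(HEADER_FMT, TAC_PLUS_VERSION, TAC_PLUS_AUTHEN, seq_no, flags, session_id, len(body))
    return header + payload


def parse_packet(packet: bytes, key: bytes) -> bytes:
    """Recover the body with the receiver's key. A mismatched key yields garbage rather than
    an error, so the caller has to validate what comes out."""
    version, _ptype, seq_no, flags, session_id, length = struct.unpack(HEADER_FMT, packet[:12])
    payload = packet[12:12 + length]
    if flags & TAC_PLUS_UNENCRYPTED_FLAG:
        return payload
    return obfuscate(payload, session_id, key, version, seq_no)


def decode_start_body(body: bytes):
    """Parse a START body; returns None when the length fields do not add up, which is the
    usual symptom of a key mismatch between switch and server."""
    if len(body) < 8:
        return None
    action, priv_lvl, authen_type, service, ulen, plen, rlen, dlen = struct.unpack("!BBBBBBBB", body[:8])
    if 8 + ulen + plen + rlen + dlen != len(body):
        return None
    off = 8
    user, off = body[off:off + ulen], off + ulen
    port, off = body[off:off + plen], off + plen
    rem_addr = body[off:off + rlen]
    return {"action": action, "priv_lvl": priv_lvl, "authen_type": authen_type, "service": service,
            "user": user.decode("latin-1"), "port": port.decode("latin-1"),
            "rem_addr": rem_addr.decode("latin-1")}


if __name__ == "__main__":
    # Constructed sample values: session id, key and login details are made up for the demo.
    body = authen_start_body("admin", "console", "192.0.2.10")
    pkt = build_packet(body, 0x1A2B3C4D, b"switch-shared-key")
    print(decode_start_body(parse_packet(pkt, b"switch-shared-key")))  # fields recovered
    print(decode_start_body(parse_packet(pkt, b"wrong-key")))          # None: key mismatch
```

The pad is keyed MD5 output XORed over the body, which RFC 8907 itself calls obfuscation rather than encryption; the key string on the switch therefore needs the same protection as a password, which is why the page later offers Display Sensitive Data As Plaintext as a deliberate, optional action.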
Add a TACACS+ Server
Step 1. Click Add in the TACACS+ Server Table to add a TACACS+ server. The Add TACACS+ server page opens.
Step 2. Click the By IP Address radio button to enter the IP address of the server in the Server IP Address/Name field, or click the By Name radio button to enter the name of the server in that field.
Step 3. Enter the priority in which the TACACS+ server is used in the Priority field. Zero is the highest priority, so that server is used first. If the switch cannot establish a connection with the highest priority server, it tries the server with the next highest priority. The range is 0 to 65535.
Step 4. Click the Use Default radio button to use the key string configured in the Default Parameters section. Click the User Defined (Encrypted) radio button to enter the key string of the specific TACACS+ server in encrypted form in the Key String field, or click the User Defined (Plain Text) radio button to enter it in plain text.
Step 5. Click the Use Default radio button to use the timeout configured in the Default Parameters section, or click the User Defined radio button and enter the desired interval in the Timeout for Reply field. This is how long the switch waits for a reply from the TACACS+ server before the connection between the switch and the server times out.
Step 6. Enter the port number that is used for the TACACS+ session in the Authentication IP Port field. The default is 49.
Step 7. (Optional) To use a single connection between the switch and the TACACS+ server, check Enable in the Single Connection field. If the TACACS+ server does not support single connection, the switch falls back to multiple connections.
Step 8. Click Apply to add the new TACACS+ server and save your changes to the Running Configuration file of the switch. The entry appears in the TACACS+ Server Table.
Step 9. (Optional) To edit an entry in the TACACS+ Server Table, check the corresponding check box and click Edit.
Step 10. (Optional) To delete an entry in the TACACS+ Server Table, check the corresponding check box and click Delete.
Step 11. (Optional) Click Display Sensitive Data As Plaintext to display sensitive data in plaintext form in the configuration file.
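As an added example (not the switch's own logic), the following Python models how the settings entered in Steps 3 to 6 combine: a per-server key and timeout override the defaults when set, servers are tried in priority order starting from 0, and a small validator catches the case the note in the Default Parameters section warns about, a server that ends up with no key at all. The server table, the addresses and the default timeout value are constructed for the demonstration.

```python
from dataclasses import dataclass
from typing import Callable, List, Optional


@dataclass
class TacacsDefaults:
    """Values from the Default Parameters section (the 5 s timeout is a constructed sample)."""
    key: str = ""
    timeout: int = 5


@dataclass
class TacacsServer:
    """One row of the TACACS+ Server Table. None for key or timeout means 'Use Default'."""
    address: str
    priority: int = 0
    key: Optional[str] = None
    timeout: Optional[int] = None
    port: int = 49                  # Authentication IP Port default from the page
    single_connection: bool = False


def effective_key(server: TacacsServer, defaults: TacacsDefaults) -> str:
    """The server-specific key wins over the default key, as the note states."""
    return defaults.key if server.key is None else server.key


def effective_timeout(server: TacacsServer, defaults: TacacsDefaults) -> int:
    """The server-specific timeout wins over the default timeout."""
    return defaults.timeout if server.timeout is None else server.timeout


def ordered_servers(servers: List[TacacsServer]) -> List[TacacsServer]:
    """Priority 0 first; sorted() is stable, so equal priorities keep their table order."""
    return sorted(servers, key=lambda s: s.priority)


def validate(servers: List[TacacsServer], defaults: TacacsDefaults) -> List[str]:
    """Checks worth running before clicking Apply: every server must end up with a
    non-empty key, and priority, port and timeout must be in range."""
    issues = []
    for s in servers:
        if not effective_key(s, defaults):
            issues.append(f"{s.address}: no key (neither server-specific nor default)")
        if not 0 <= s.priority <= 65535:
            issues.append(f"{s.address}: priority {s.priority} out of range 0-65535")
        if not 1 <= s.port <= 65535:
            issues.append(f"{s.address}: port {s.port} out of range")
        if effective_timeout(s, defaults) <= 0:
            issues.append(f"{s.address}: timeout must be positive")
    return issues


def select_server(servers: List[TacacsServer], defaults: TacacsDefaults,
                  try_connect: Callable[[str, int, str, int], bool]) -> Optional[str]:
    """Walk the table in priority order and return the first server that answers within
    its effective timeout; None means every configured server failed."""
    for s in ordered_servers(servers):
        if try_connect(s.address, s.port, effective_key(s, defaults), effective_timeout(s, defaults)):
            return s.address
    return None


# Constructed sample table; addresses are documentation-range placeholders.
DEFAULTS = TacacsDefaults(key="default-key", timeout=5)
SERVERS = [
    TacacsServer("192.0.2.20", priority=10),                             # uses both defaults
    TacacsServer("192.0.2.10", priority=0, key="site-key", timeout=3),   # overrides both
    TacacsServer("192.0.2.30", priority=10, port=4949),                  # non-default port
]


def demo_reachable(down: set) -> Callable[[str, int, str, int], bool]:
    """Simulated connect attempt: succeeds unless the address is in `down`."""
    def try_connect(address: str, port: int, key: str, timeout: int) -> bool:
        return address not in down
    return try_connect


if __name__ == "__main__":
    print(validate(SERVERS, DEFAULTS))                                          # []
    print(select_server(SERVERS, DEFAULTS, demo_reachable({"192.0.2.10"})))     # 192.0.2.20
```

The validator is the piece a practitioner wants before Apply: leaving the default key string empty is only safe if every server row sets its own key, and a row with Use Default selected against an empty default will silently fail to authenticate.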