TACACS+ Client
An organization can establish a Terminal Access Controller Access Control System (TACACS+) server to provide centralized security for all of its devices. In this way, authentication and authorization can be handled on a single server for all devices in the organization.
The device can act as a TACACS+ client that uses the TACACS+ server for the following services: The TACACS+ page enables configuring TACACS+ servers.
-
Authentication—Provides authentication of users logging onto the device by using usernames and user-defined passwords.
-
Authorization—Performed at login. After the authentication session is completed, an authorization session starts using the authenticated username. The TACACS+ server then checks user privileges.
-
Accounting—Enable accounting of login sessions using the TACACS+ server. This enables a system administrator to generate accounting reports from the TACACS+ server.
To configure TACACS+ server parameters, follow these steps:
Procedure
Step 1 |
Click Security > TACACS+ Client. |
||||||||||||||||||||||
Step 2 |
Enable TACACS+ Accounting if required. |
||||||||||||||||||||||
Step 3 |
Enter the following default parameters:
|
||||||||||||||||||||||
Step 4 |
Click Apply. The TACACS+ default settings are added to the Running Configuration file. These are used if the equivalent parameters are not defined in the Add page. The information for each TACACS server is displayed in the TACACS+ Server Table. The fields in this table are entered in the Add page except for the Status field. This field describes whether the server is connected or not to the device. |
||||||||||||||||||||||
Step 5 |
To add a TACACS+ server, click Add. To edit the TACACS+ Server, select the TACACS+ server and click Edit. |
||||||||||||||||||||||
Step 6 |
Next, configure the parameters.
|
||||||||||||||||||||||
Step 7 |
Click Apply. The TACACS+ server is added to the Running Configuration file of the device. |
||||||||||||||||||||||
Step 8 |
To display sensitive data in plaintext form on this page, click Display Sensitive Data As Plaintext. |