Security
Configuring TACACS+
Cisco 500 Series Stackable Managed Switch Administration Guide Release 1.3
Defaults
The following defaults are relevant to this feature:
• No TACACS+ server is defined by default.
• If you configure a TACACS+ server, the accounting feature is disabled by default.
Interactions With Other Features
You cannot enable accounting on both a RADIUS and TACACS+ server.
Workflow
To use a TACACS+ server, do the following:
STEP 1  Open an account for a user on the TACACS+ server.
STEP 2  Configure that server along with the other parameters in the TACACS+ and Add TACACS+ Server pages.
STEP 3  Select TACACS+ in the Management Access Authentication page, so that when a user logs on to the device, authentication is performed on the TACACS+ server instead of in the local database.
NOTE  If more than one TACACS+ server has been configured, the device uses the configured priorities of the available TACACS+ servers to select the TACACS+ server to be used by the device.
Configuring a TACACS+ Server
The TACACS+ page enables configuring TACACS+ servers.
Only users who have privilege level 15 on the TACACS+ server can administer the
device. Privilege level 15 is given to a user or group of users on the TACACS+
server by the following string in the user or group definition:
service = exec {
priv-lvl = 15
}
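Because privilege level 15 on the TACACS+ server is what grants device administration, it is worth auditing which accounts actually receive it. The following is an added example, not part of the Cisco guide: it assumes the server configuration uses tac_plus-style "user = ... { }" and "group = ... { }" blocks with "member = <group>" lines, written as "key = value" with spaces, and that a user's own priv-lvl takes precedence over the group's. The account and group names are constructed.

```python
import re

# Constructed sample in tac_plus-style syntax (an assumption, not from the guide).
SAMPLE = """\
group = netadmins {
    service = exec {
        priv-lvl = 15
    }
}
user = alice {
    member = netadmins
}
user = carol {
    member = netadmins
    service = exec {
        priv-lvl = 7
    }
}
user = dave {
    service = exec {
        priv-lvl = 15
    }
}
"""

def device_admins(text):
    """Return users whose effective exec priv-lvl (own or inherited) is 15."""
    entries, stack = {}, []                      # stack = headers of open blocks
    for raw in text.splitlines():
        line = re.sub(r"\s+", " ", raw.split("#", 1)[0]).strip()
        if line == "}" and stack:
            stack.pop()
        elif line.endswith("{"):
            stack.append(line[:-1].strip())
            if len(stack) == 1:                  # top-level user/group block
                entries[stack[0]] = {}
        elif " = " in line and stack:
            key, val = line.split(" = ", 1)
            if len(stack) == 1 and key == "member":
                entries[stack[0]]["member"] = "group = " + val
            elif stack[1:] == ["service = exec"] and key == "priv-lvl":
                entries[stack[0]]["priv"] = int(val)

    def priv(name, seen=()):
        e = entries.get(name, {})
        if "priv" in e or "member" not in e or name in seen:
            return e.get("priv")                 # own value wins (assumed precedence)
        return priv(e["member"], seen + (name,)) # otherwise inherit from the group

    return sorted(n[7:] for n in entries if n.startswith("user = ") and priv(n) == 15)
```

Run it against the server's configuration file and compare the returned names with the list of people who are supposed to administer the device.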
To configure TACACS+ server parameters: