TACACS+ Authentication, Authorization, and Accounting
About Configuring TACACS+
The following is a summary of the procedure for configuring TACACS+. All steps are explained in detail
in the remainder of this section.
1. Configure the remote TACACS+ servers.
   Configure the remote servers for the protocols. Keep in mind the following guidelines:
   – Configure the encryption key that the server and client will use.
   – The maximal user privilege level and enable password (password used when executing the enable command) should be provided.
   – The configuration should always include the root user, giving it the privilege level of 15.
   – Viewer (privilege level 5) and superuser (privilege level 10) user IDs should be established at this time also.
   For complete details on server configuration, refer to the appropriate configuration guide for the particular TACACS+ server that you will be using.
2. Configure the Cisco SCE client to work with TACACS+ server:
   – hostname of the server
   – port number
   – shared encryption key (the configured encryption key must match the encryption key configured on the server in order for the client and server to communicate.)
3. (Optional) Configure the local database, if used.
   – add new users
     If the local database and TACACS+ are both configured, it is recommended to configure the same user names in both TACACS+ and the local database. This will allow the users to access the Cisco SCE platform in case of TACACS+ server failure.
   – specify the password
   – define the privilege level
Note: If TACACS+ is used as the login method, the TACACS+ username is used automatically in the enable command. Therefore, it is important to configure the same usernames in both TACACS+ and the local database so that the enable command can recognize this username.
4. Configure the authentication methods on the Cisco SCE platform.
   – login authentication methods
   – privilege level authorization methods
   – command level authorization methods
5. Review the configuration.
   Use the "show running-config" command to view the configuration.
Cisco SCE 8000 10GBE Software Configuration Guide
Chapter 5
Configuring the Management Interface and Security
OL-30621-02