Table of Contents
Advertisement
TACACS+ Configuration Quick Start
TACACS+ Configuration Quick Start
Cisco Global Site Selector Administration Guide
4-4
If the GSS cannot contact any of the three specified TACACS+ servers, the GSS
checks for the local authentication setting and falls back to performing local user
authentication through either the console port or a Telnet connection. Local
authentication is always enabled on the console port and Telnet connection to
avoid lockout. Local authentication is an option for an FTP, GUI, or SSH
connection.
Table 4-1
provides a quick overview of the steps required to configure TACACS+
server operation on a GSS. Each step includes the CLI command required to
complete the task. For a complete description of each feature and all the options
associated with the CLI command, see the sections following the table.
Table 4-1
TACACS+ Configuration Quick Start
Task and Command Example
Configure the authentication, authorization, and accounting service settings
1.
on the TACACS+ server, such as the Cisco Secure Access Control Server
(ACS).
Enable global configuration mode on the GSS device.
2.
gssm1.example.com# config
gssm1.example.com(config)#
Define the TACACS+ server that contains the TACACS+ authentication,
3.
authorization, and accounting databases. You can define a maximum of
three servers for the GSS. Specify the IP address or hostname for the server.
By default, the TCP port is 49. You can optionally define a different port
number and, if required, a TACACS+ server encryption key.
gssm1.example.com(config)# tacacs-server host 192.168.1.102 port
9988 key SECRET-456
(Optional) Define a global TACACS+ timeout period for the configured
4.
TACACS+ servers.
gssm1.example.com(config)# tacacs-server timeout 60
Enable TACACS+ authentication for a specific GSS access method.
5.
gssm1.example.com(config)# aaa authentication ssh
Chapter 4
Managing GSS User Accounts Through a TACACS+ Server
OL-10410-01
Hide quick links:
Advertisement
Table of Contents
