Configuring a TACACS+ Server

Table 1 defines the TACACS+ server parameters.

Table 1: TACACS+ Server Configuration Parameters

| Parameter | Description |
|---|---|
| Host | IP address of the server. Default: N/A |
| Key | Shared secret to authenticate communication between the TACACS+ client and server. Default: N/A |
| Re-type Key | Re-enter the key. |
| TCP Port | TCP port used by the server. Default: 49 |
| Retransmits | Maximum number of times a request is retried. Default: 3 |
| Timeout | Timeout period for TACACS+ requests, in seconds. Default: 20 seconds |
| Mode | Enables or disables the server. Default: enabled |
| Session Authorization | Enables or disables session authorization. Session authorization turns on the optional authorization session for admin users. Default: disabled |

The following procedure describes how to configure a TACACS+ server:

1. In the Mobility Master node hierarchy, navigate to the Configuration > Authentication > Auth Servers tab.

2. To configure a TACACS+ server, click + under All Servers. Enter the Name and IP address of the server. Set the Type to TACACS and click Submit.

3. Select the server created to configure server parameters. Enter the parameters as described in Table 1. Select the Mode check box to activate the authentication server.

4. Click Submit.

5. Click Pending Changes.

6. In the Pending Changes window, select the check box and click Deploy changes.

The configuration does not take effect until you perform this step.

The following CLI commands configure a TACACS+ server and session authorization:

(host) [mynode] (config) #aaa authentication-server tacacs <name>
    clone default
    host <ipaddr>
    key <psk>
    enable
    session-authorization
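As an added example (not part of the original documentation), the following Python script audits a saved configuration for TACACS+ server profiles that have no host or key, are disabled, or leave session authorization at its Table 1 default of disabled. The sample configuration is constructed, and the layout of the saved configuration and the `no enable` negation form are assumptions.

```python
import re

# Defaults from Table 1: Mode is enabled, Session Authorization is disabled.
DEFAULTS = {"host": None, "key": None, "enable": True, "session-authorization": False}
HEADER = re.compile(r"^aaa authentication-server tacacs\s+(\S+)\s*$")
CHECKS = [("host", "no host configured"), ("key", "no shared key configured"),
          ("enable", "server is disabled"),
          ("session-authorization", "session authorization is disabled")]

def parse_tacacs_servers(config_text):
    """Return {profile name: settings} for each TACACS+ server block."""
    servers, current = {}, None
    for raw in filter(str.strip, config_text.splitlines()):  # skip blank lines
        line = raw.strip()
        if (m := HEADER.match(line)):
            current = servers.setdefault(m.group(1).strip('"'), dict(DEFAULTS))
        elif not raw[0].isspace():
            current = None  # any other unindented line (including "!") ends the block
        elif current is not None:
            negated = line.startswith("no ")  # assumed negation syntax
            words = (line[3:] if negated else line).split(None, 1)
            if words[0] in ("host", "key"):
                current[words[0]] = None if negated or len(words) < 2 else words[1]
            elif words[0] in ("enable", "session-authorization"):
                current[words[0]] = not negated
    return servers

def audit(servers):
    """Return sorted (profile, finding) pairs for settings that are unset or off."""
    return sorted((name, msg) for name, s in servers.items()
                  for field, msg in CHECKS if not s[field])

# Constructed sample; addresses are from the documentation range 192.0.2.0/24.
SAMPLE_CONFIG = """\
aaa authentication-server tacacs "tac-primary"
    host 192.0.2.10
    key 0123456789abcdef
    enable
    session-authorization
!
aaa authentication-server tacacs "tac-backup"
    host 192.0.2.11
    no enable
!
"""

if __name__ == "__main__":
    for name, finding in audit(parse_tacacs_servers(SAMPLE_CONFIG)):
        print(f"{name}: {finding}")
```

Settings the script does not recognise, such as `clone default`, are ignored, so a profile that inherits its key from another profile is still reported as having no key.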