Legal Disclaimer: The resource assets in this website may include abbreviated and/or legacy terminology for HPE Aruba Networking products. See www.arubanetworks.com for current and complete HPE Aruba Networking product lines and names.
TACACS+ Enforcement Service
Configure the TACACS+ Terminal Access Controller Access Control System+. TACACS+ provides separate authentication, authorization, and accounting services. It is derived from, but not backward compatible with, TACACS. request. TACACS+ Terminal Access Controller Access Control System+. TACACS+ provides separate authentication, authorization, and accounting services. It is derived from, but not backward compatible with, TACACS. users can be authenticated against any of the supported authentication source types:
service for any kind ofLocal DB
SQL DB
Token Servers with a RADIUS Remote Authentication Dial-In User Service. An Industry-standard network access protocol for remote authentication. It allows authentication, authorization, and accounting of remote users who want to access network resources. interface
Similarly, you can specify service-level authorization sources from the Authorization tab. You can associate a role-mapping policy with this service via the Roles tab.
The result of evaluating a TACACS+ Terminal Access Controller Access Control System+. TACACS+ provides separate authentication, authorization, and accounting services. It is derived from, but not backward compatible with, TACACS. enforcement policy is one or more TACACS+ Terminal Access Controller Access Control System+. TACACS+ provides separate authentication, authorization, and accounting services. It is derived from, but not backward compatible with, TACACS. enforcement profiles. For more information on TACACS+ Terminal Access Controller Access Control System+. TACACS+ provides separate authentication, authorization, and accounting services. It is derived from, but not backward compatible with, TACACS. enforcement profiles, see TACACS+ Based Enforcement Profile.
To create a
service:1. Navigate to > , then select the link. The page opens.
2. From the Type drop down, select . The service configuration dialog opens:
Figure 1 Adding a New TACACS+ Enforcement Service
3. Specify the tab parameters as described in the following table:
Parameter |
Action/Description |
Type |
From the drop-down list, select . |
Name |
Enter the name of the service. |
Description |
Provide additional information that helps to identify the service. |
Monitor Mode |
The option is disabled for an enforcement policy. |
More Options |
The tab is not enabled by default.To bring up the configuration tab, check the check box. |
|
|
Type |
Select one of the following service rule types: Authentication Connection Date Device Host Endpoint |
Name |
Select the name of the service rule from the drop-down list. |
Operator |
Select an appropriate operator from the list of operators for the data type of the attribute. For example, you can select from BELONGS_TO, NOT_BELONGS_TO, CONTAINS, or EQUALS. |
Value |
Select the value from the drop-down list. The value list depends on the operator selected. |
Policy Manager provides a way to differentiate between a TACACS+ Terminal Access Controller Access Control System+. TACACS+ provides separate authentication, authorization, and accounting services. It is derived from, but not backward compatible with, TACACS. login authentication and a TACACS+ Terminal Access Controller Access Control System+. TACACS+ provides separate authentication, authorization, and accounting services. It is derived from, but not backward compatible with, TACACS. enable authentication.
To do so, in Service and Policy rule configuration, you can use the
type parameter. This parameter accepts three values: , , or .Note that an Enforcement policy can also use the
attribute in the > section of the policy configuration.Creating a TACACS+ Multi-Factor Authentication Service
To apply the TACACS+ Terminal Access Controller Access Control System+. TACACS+ provides separate authentication, authorization, and accounting services. It is derived from, but not backward compatible with, TACACS. Enforcement service:
parameter in a1. Navigate to > , then select the link.
The
service configuration dialog opens:Figure 2 Configuring a TACACS+ Multi-Factor Authentication Service
2. Specify the parameters as described in the following table:
Parameter |
Action/Description |
Type |
From the drop-down list, select . |
Name |
Enter the name of the service. |
Description |
Provide additional information that helps to identify the service. |
Monitor Mode |
The option is disabled for an enforcement policy. |
More Options |
The tab is not enabled by default.To bring up the configuration tab, check the check box. |
|
|
Type |
Select , then select the type. |
Name |
Select . |
Operator |
Select . |
Value |
Select one of the following values: : Choose this option when the user does not require authentication. : Choose this option when the user is authenticating in Login mode. : Choose this option when the user is authenticating in Privileged mode. |