Security
Configuring TACACS+
Cisco Small Business 200, 300 and 500 Series Managed Switch Administration Guide (Internal Version)  335
18
 
STEP  3 Select TACACS+ in the Management Access Authentication page, so that when a 
user logs onto the device, authentication is performed on the TACACS+ server 
instead of in the local database.
NOTE If more than one TACACS+ server has been configured, the device uses the 
configured priorities of the available TACACS+ servers to select the TACACS+ 
server to be used by the device.
Configuring a TACACS+ Server
The TACACS+ page enables configuring TACACS+ servers. 
Only users who have privilege level 15 on the TACACS+ server can administer the 
device. Privilege level 15 is given to a user or group of users on the TACACS+ 
server by the following string in the user or group definition:
service = exec {
priv-lvl = 15
} 
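Because this string is what grants full administrative access to the device, it is worth auditing which accounts on the TACACS+ server end up with it. The following is an added example, not part of the Cisco guide: it assumes the server configuration uses tac_plus-style "user = ... { member = ... }" and "group = ... { ... }" blocks, and the function names and sample configuration are constructed for illustration.

```python
import re

# Constructed sample; assumes tac_plus-style user/group blocks and "member =".
SAMPLE_CONF = """
group = netadmins {
    service = exec {
        priv-lvl = 15
    }
}
group = helpdesk { service = exec { priv-lvl = 1 } }
user = alice { member = netadmins }
user = bob { member = helpdesk }
user = carol { service = exec { priv-lvl = 15 } }
"""

def parse_blocks(text):
    """Return {(kind, name): body} for each top-level user/group block."""
    blocks = {}
    for m in re.finditer(r"^(user|group)\s*=\s*(\S+)\s*\{", text, re.M):
        depth, i = 1, m.end()
        while depth and i < len(text):  # walk to the matching closing brace
            depth += {"{": 1, "}": -1}.get(text[i], 0)
            i += 1
        blocks[(m.group(1), m.group(2))] = text[m.end():i - 1]
    return blocks

def exec_priv(body):
    """Return the priv-lvl set inside a 'service = exec { ... }' clause, or None."""
    m = re.search(r"service\s*=\s*exec\s*\{[^}]*?priv-lvl\s*=\s*(\d+)", body)
    return int(m.group(1)) if m else None

def effective_priv(blocks, kind, name, seen=()):
    """Resolve priv-lvl; assumes a block's own value overrides its group's."""
    body = blocks.get((kind, name))
    if body is None or (kind, name) in seen:  # unknown group or membership loop
        return None, None
    lvl = exec_priv(body)
    if lvl is not None:
        return lvl, f"{kind} {name}"
    g = re.search(r"member\s*=\s*(\S+)", body)
    if g:
        return effective_priv(blocks, "group", g.group(1), seen + ((kind, name),))
    return None, None

def level15_users(text):
    """Map each user whose effective exec priv-lvl is 15 to where it is set."""
    blocks = parse_blocks(text)
    found = {n: effective_priv(blocks, k, n) for k, n in blocks if k == "user"}
    return {n: src for n, (lvl, src) in found.items() if lvl == 15}
```

Running level15_users() over the server's real configuration gives the list of accounts to review, including those that inherit level 15 through a group rather than from their own definition.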
To configure TACACS+ server parameters:
STEP  1 Click Security > TACACS+.
STEP  2 Enable TACACS+ Accounting if required. See the explanation in the Accounting 
Using a TACACS+ Server section.
STEP  3 Enter the following default parameters: 
• Key String—Enter the default Key String used for communicating with all 
TACACS+ servers in Encrypted or Plaintext mode. The device can be 
configured to use this key or to use a key entered for a specific server 
(entered in the Add TACACS+ Server page).
If you do not enter a key string in this field, the server key entered in the Add 
TACACS+ Server page must match the encryption key used by the 
TACACS+ server. 
If you enter both a key string here and a key string for an individual 
TACACS+ server, the key string configured for the individual TACACS+ 
server takes precedence.
• Timeout for Reply—Enter the amount of time that passes before the 
connection between the device and the TACACS+ server times out. If a 
value is not entered in the Add TACACS+ Server page for a specific server, 
the value is taken from this field.