security server, to configure the user’s session. The user is granted access to a requested service only if the
information in the user profile allows it.
Related Topics
Configuring TACACS+ Authorization for Privileged EXEC Access and Network Services, on page 47
Prerequisites for Controlling Switch Access with Terminal Access Controller Access Control System Plus
(TACACS+), on page 37
TACACS+ Accounting
The AAA accounting feature tracks the services that users are accessing and the amount of network resources
that they are consuming. When AAA accounting is enabled, the switch reports user activity to the TACACS+
security server in the form of accounting records. Each accounting record contains accounting attribute-value
(AV) pairs and is stored on the security server. This data can then be analyzed for network management, client
billing, or auditing.
Related Topics
Starting TACACS+ Accounting, on page 48
Default TACACS+ Configuration
TACACS+ and AAA are disabled by default.
To prevent a lapse in security, you cannot configure TACACS+ through a network management application.
When enabled, TACACS+ can authenticate users accessing the switch through the CLI.
Although TACACS+ configuration is performed through the CLI, the TACACS+ server authenticates
HTTP connections that have been configured with a privilege level of 15.
Note
How to Configure TACACS+
This section describes how to configure your switch to support TACACS+.
Related Topics
Method List Description, on page 42
Prerequisites for Controlling Switch Access with Terminal Access Controller Access Control System Plus
(TACACS+), on page 37
Identifying the TACACS+ Server Host and Setting the Authentication Key
Beginning in privileged EXEC mode, follow these steps to identify the TACACS+ server host and set the
authentication key:
Catalyst 2960-XR Switch Security Configuration Guide, Cisco IOS Release 15.0(2)EX1
OL-29434-01 43
Configuring TACACS+
TACACS+ Accounting
To Next Page
Loading...
Need help?
General
