CHAPTER 5
Configuring TACACS+
This chapter describes how to configure the Terminal Access Controller Access Control System Plus
(TACACS+) protocol on Cisco NX-OS devices.
This chapter includes the following sections:
• About TACACS+, on page 67
• Licensing Requirements for TACACS+, on page 71
• Prerequisites for TACACS+, on page 71
• Guidelines and Limitations for TACACS+, on page 71
• Default Settings for TACACS+, on page 72
• Configuring TACACS+, on page 72
• Monitoring TACACS+ Servers, on page 99
• Clearing TACACS+ Server Statistics, on page 99
• Verifying the TACACS+ Configuration, on page 100
• Configuration Examples for TACACS+, on page 100
• Where to Go Next, on page 102
• Additional References for TACACS+, on page 102
About TACACS+
The TACACS+ security protocol provides centralized validation of users attempting to gain access to a Cisco
NX-OS device. TACACS+ services are maintained in a database on a TACACS+ daemon running, typically,
on a UNIX or Windows NT workstation. You must have access to and must configure a TACACS+ server
before the configured TACACS+ features on your Cisco NX-OS device are available.
TACACS+ provides for separate authentication, authorization, and accounting facilities. TACACS+ allows
for a single access control server (the TACACS+ daemon) to provide each service—authentication,
authorization, and accounting—independently. Each service can be tied into its own database to take advantage
of other services available on that server or on the network, depending on the capabilities of the daemon.
The TACACS+ client/server protocol uses TCP (TCP port 49) for transport requirements. Cisco NX-OS
devices provide centralized authentication using the TACACS+ protocol.
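As an added example that is not part of this guide, the following Python decoder parses the 12-byte TACACS+ packet header defined in RFC 8907 (the protocol carried over TCP port 49 described above). It reports which of the three separate services (authentication, authorization, accounting) a packet belongs to and flags the header bit that marks an unobfuscated body; the packets it decodes are constructed samples, not captures.

```python
import struct

# TACACS+ header layout from RFC 8907 (12 bytes, network byte order):
# version(1) type(1) seq_no(1) flags(1) session_id(4) length(4)
HEADER = struct.Struct("!BBBBII")

# Packet type -> the independent service it carries (RFC 8907 section 4.1).
TYPES = {1: "authentication", 2: "authorization", 3: "accounting"}
TAC_PLUS_UNENCRYPTED_FLAG = 0x01   # body is NOT obfuscated with the shared secret
TAC_PLUS_SINGLE_CONNECT_FLAG = 0x04  # client asks to reuse one TCP session


def parse_header(data: bytes) -> dict:
    """Decode one TACACS+ packet header and return its fields."""
    if len(data) < HEADER.size:
        raise ValueError("short TACACS+ header")
    version, ptype, seq_no, flags, session_id, length = HEADER.unpack_from(data)
    major, minor = version >> 4, version & 0x0F
    if major != 0xC:
        raise ValueError(f"not a TACACS+ packet (major version {major:#x})")
    if ptype not in TYPES:
        raise ValueError(f"unknown packet type {ptype}")
    return {
        "service": TYPES[ptype],
        "minor_version": minor,
        "seq_no": seq_no,
        "session_id": session_id,
        "body_length": length,
        "body_obfuscated": not (flags & TAC_PLUS_UNENCRYPTED_FLAG),
        "single_connect": bool(flags & TAC_PLUS_SINGLE_CONNECT_FLAG),
    }


def audit_packet(data: bytes) -> list:
    """Return audit findings for one packet: cleartext body or a length mismatch."""
    hdr = parse_header(data)
    findings = []
    if not hdr["body_obfuscated"]:
        findings.append("body sent in cleartext (unencrypted flag set)")
    if hdr["body_length"] != len(data) - HEADER.size:
        findings.append("header length does not match captured body size")
    return findings


# Constructed sample: authentication packet, seq 1, session 0x1234abcd, 10-byte obfuscated body.
SAMPLE_OK = HEADER.pack(0xC0, 1, 1, 0x00, 0x1234ABCD, 10) + b"\x00" * 10
# Constructed sample: the same packet with the unencrypted flag set.
SAMPLE_CLEAR = HEADER.pack(0xC0, 1, 1, 0x01, 0x1234ABCD, 10) + b"\x00" * 10

if __name__ == "__main__":
    for name, pkt in (("ok", SAMPLE_OK), ("clear", SAMPLE_CLEAR)):
        print(name, parse_header(pkt)["service"], audit_packet(pkt))
```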
TACACS+ Advantages
TACACS+ has the following advantages over RADIUS authentication:
Cisco Nexus 9000 Series NX-OS Security Configuration Guide, Release 9.x
67