Configuring Security
Configuring TACACS+ Servers
Cisco 220 Series Smart Switches Administration Guide Release 1.1.0.x 189
16
Configuring TACACS+ Servers
An organization can establish a Terminal Access Controller Access Control
System (TACACS+) server to provide centralized security for all of its devices. In
this way, authentication and authorization can be handled on a single server for all
devices in the organization.
The switch can act as a TACACS+ client that uses the TACACS+ server for the
following services:
• Authentication—Provides authentication of administrators logging onto the
switch by using usernames and user-defined passwords.
• Authorization—Performed at login. After the authentication session is
completed, an authorization session starts using the authenticated
username. The TACACS+ server then checks user privileges.
The TACACS+ protocol ensures network integrity, through encrypted protocol
exchanges between the device and the TACACS+ server.
TACACS+ is supported only with IPv4.
Some TACACS+ servers support a single connection that enables the device to
receive all information in a single connection. If the TACACS+ server does not
support this, the device reverts back to multiple connections.
Use the TACACS+ page to configure the TACACS+ servers and define the default
parameters that are used for communicating with all TACACS+ servers. A user
must be configured on the TACACS+ to have privilege level 15 to be granted
permission to administer the switch.
To define default TACACS+ parameters and add a TACACS+ server:
STEP 1 Click Security > TACAC S+.
STEP 2 In the Use Default Parameters area, specify the default TACACS+ parameters:
• Key String—Enter the default key string in encrypted or plaintext form used
for communicating with all TACACS+ servers. If you do not enter the default
key string here, the key entered on the Add page must match the encryption
key used by the TACACS+ server. If you enter the default key string here and
a key string for an individual TACACS+ server, the key string configured for
the individual TACACS+ server takes precedence.
To Next Page
Loading...
