Security
Configuring TACACS+
Cisco 350, 350X and 550X Series Managed Switches, Firmware Release 2.4, ver 0.4 319
17
In addition to providing authentication and authorization services, the TACACS+ protocol
helps to ensure TACACS message protection through encrypted TACACS body messages.
TACACS+ is supported only with IPv4.
Some TACACS+ servers support a single connection that enables the device to receive all
information in a single connection. If the TACACS+ server does not support this, the device
reverts to multiple connections.
Accounting Using a TACACS+ Server
The user can enable accounting of login sessions using either a RADIUS or TACACS+ server.
The user-configurable, TCP port used for TACACS+ server accounting is the same TCP port
that is used for TACACS+ server authentication and authorization.
The following information is sent to the TACACS+ server by the device when a user logs in or
out:
Defaults
The following defaults are relevant to this feature:
• No default TACACS+ server is defined by default.
• If you configure a TACACS+ server, the accounting feature is disabled by default.
Table 1:
Argument Description In Start
Message
In Stop
Message
task_id A unique accounting session
identifier.
Yes Yes
user Username that is entered for login
authentication.
Yes Yes
rem-addr IP address of the user. Yes Yes
elapsed-time Indicates how long the user was
logged in.
No Yes
reason Reports why the session was
terminated.
No Yes
To Next Page
Loading...
