Security
Configuring TACACS+
Cisco Sx350, SG350X, SG350XG, Sx550X & SG550XG Series Managed Switches, Firmware Release 2.2.5.x 284
16
Interactions With Other Features
You cannot enable accounting on both a RADIUS and TACACS+ server.
Workflow
To use a TACACS+ server, do the following:
STEP 1 Open an account for a user on the TACACS+ server.
STEP 2 Configure that server along with the other parameters in the TACACS+ Client pages.
STEP 3 Select TACACS+ in the Management Access Authentication page, so that when a user logs
onto the device, authentication is performed on the TACACS+ server instead of in the local
database.
NOTE If more than one TACACS+ server has been configured, the device uses the configured
priorities of the available TACACS+ servers to select the TACACS+ server to be used by the
device.
TACACS+ Client
The TACACS+ page enables configuring TACACS+ servers.
Only users who have privilege level 15 on the TACACS+ server can administer the device.
Privilege level 15 is given to a user or group of users on the TACACS+ server by the following
string in the user or group definition:
service = exec {
priv-lvl = 15
}
To configure TACACS+ server parameters:
STEP 1 Click Security > TACACS+.
STEP 2 Enable TACACS+ Accounting if required. See explanation in the Accounting Using a
TACACS+ Server section.
STEP 3 Enter the following default parameters:
• Key String—Enter the default Key String used for communicating with all TACACS+
servers in Encrypted or Plaintext mode. The device can be configured to use this key
or to use a key entered for an specific server (entered in the Add TACACS+ Server
page).
To Next Page
Loading...
