Similar to RADIUS, the main function of TACACS+ is to perform authentication for remote access. The SLC supports the TACACS+ protocol (not the older TACACS or XTACACS protocols).
The system administrator and users with appropriate configuration rights can configure the SLC to use TACACS+ to authenticate users attempting to log in using Telnet, SSH, or the console port.
Note: Users who are authenticated through TACACS+ are granted port access through port permissions on this page.
To configure the SLC to use TACACS+ to authenticate users:
Complete the following fields:
Enable TACACS+ | Displays selected if you enabled this method on the User Authentication page. If you want to set up this authentication method but not enable it immediately, clear the checkbox. Note: If you enable TACACS+ here, it automatically displays at the end of the order of precedence on the User Authentication page.
TACACS+ Servers | IP address or host name of up to three TACACS+ servers.
Secret | Shared secret for message encryption between the SLC and the TACACS+ server. Enter an alphanumeric secret of up to 127 characters.
Encrypt Messages | Select the checkbox to encrypt messages between the SLC and the TACACS+ server. The default is selected.
Custom Menu | If custom menus have been created (see the User Guide), you can assign a default custom menu to TACACS+ users.
Data Ports | The ports users are able to monitor and interact with using the connect direct command.
Listen Ports | The ports users are able to monitor using the connect listen command.
Clear Port Buffers | The ports whose port buffer users may clear using the set locallog clear command.
In the User Rights section, select the user group to which TACACS+ users will belong:
Group | Select the group to which the TACACS+ users will belong. Default Users: This group has only the most basic rights (described above). Power Users: This group has the same rights as Default Users plus Networking, Date/Time, Reboot & Shutdown, and Diagnostics & Reports. Administrators: This group has all possible rights.
Select or clear the checkboxes for the following rights:
Full Administrative | Right to perform any function on the SLC.
Networking | Right to enter network and routing settings.
Services | Right to enable and disable system and audit logging, SSH and Telnet logins, SNMP, and SMTP. Includes NFS and CIFS.
Date/Time | Right to set the date and time.
Local Users | Right to add or delete local users on the system.
Remote Authentication | Right to assign a remote user to a user group and assign a set of rights to the user. Includes configuring remote authentication methods and ordering.
SSH Keys | Right to set SSH keys for authenticating users.
User Menus | Right to create or edit a custom user menu for the CLI.
Reboot & Shutdown | Right to shut down or reboot the SLC.
Firmware & Configuration | Right to upgrade the firmware on the unit and save or restore a configuration (all settings).
Diagnostics & Reports | Right to obtain diagnostic information and reports about the unit.
SLC Network | Right to view and manage SLCs on the local subnet.
Web Access | Right to access Web-Manager.
Device Ports | Right to enter device port settings. Includes creating bidirectional and unidirectional connections.
PC Card | Right to enter modem settings for PC cards. Includes managing storage PC Cards.
To save, click Apply.
Note: You must reboot the unit before changes will take effect.
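In the TACACS+ protocol (RFC 8907), the message encryption that the Secret and Encrypt Messages fields refer to is an MD5-derived pad XORed over the packet body, and a header flag marks bodies sent unencrypted. The following Python is an added example, not Lantronix code; the function names, secret, session ID and body are constructed for illustration.

```python
import hashlib
import struct

TAC_PLUS_UNENCRYPTED_FLAG = 0x01  # RFC 8907 header flag: body is not obfuscated
HEADER_LEN = 12

# Constructed sample values, not taken from any real device or capture.
SAMPLE_SECRET = b"constructed-shared-secret"
SAMPLE_SESSION = 0x1234ABCD
SAMPLE_BODY = b"constructed stand-in for an authentication body"


def pseudo_pad(session_id, secret, version, seq_no, length):
    """MD5_1 = MD5(session_id, secret, version, seq_no); MD5_n appends MD5_(n-1)."""
    seed = struct.pack("!I", session_id) + secret + bytes([version, seq_no])
    pad, block = b"", b""
    while len(pad) < length:
        block = hashlib.md5(seed + block).digest()
        pad += block
    return pad[:length]


def obfuscate(body, session_id, secret, version=0xC0, seq_no=1):
    """XOR the body with the pad; applying it twice restores the input."""
    pad = pseudo_pad(session_id, secret, version, seq_no, len(body))
    return bytes(b ^ p for b, p in zip(body, pad))


def build_packet(body, secret, session_id, encrypt=True, version=0xC0, seq_no=1):
    """Assemble header + body the way the Encrypt Messages setting changes it."""
    flags = 0 if encrypt else TAC_PLUS_UNENCRYPTED_FLAG
    payload = obfuscate(body, session_id, secret, version, seq_no) if encrypt else body
    # version, type (1 = authentication), seq_no, flags, session_id, body length
    header = struct.pack("!BBBBII", version, 1, seq_no, flags, session_id, len(payload))
    return header + payload


def body_is_cleartext(packet):
    """Monitoring check: True when the unencrypted flag is set in the header."""
    return bool(packet[3] & TAC_PLUS_UNENCRYPTED_FLAG)


if __name__ == "__main__":
    for enabled in (True, False):
        pkt = build_packet(SAMPLE_BODY, SAMPLE_SECRET, SAMPLE_SESSION, encrypt=enabled)
        print(enabled, body_is_cleartext(pkt), pkt[HEADER_LEN:HEADER_LEN + 16].hex())
```

RFC 8907 itself describes this mechanism as obfuscation, so the strength of the secret and the network path between the SLC and the server still matter when Encrypt Messages is selected.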