Chapter4 Con figuring the CSS as a Client of a TACACS+ Server
TACACS+ Configuration Quick Start
4-2
Cisco Content Services Switch Security Configuration Guide
OL-5650-02
TACACS+ Configuration Quick StartTabl e 4-1 provides a quick overview of the steps required to configure the
TACACS+ feature on a CSS. Each step includes the CLI command required to
complete the task. For a complete description of each feature and all the options
associated with the CLI command, see the sections following the table.
Table4-1 TACACS+ Configuration Quick Start
Task and Command Example
1. Configure the authentication settings on the Cisco Secure ACS in the
Network Configuration section of the Cisco Secure ACS HTML interface,
the Add AAA Client page, and complete the following fields:
•AAA Client Hostname
•AAA Client IP Address
•Key
•Authenticate Using
See the “Configuring Authentication Settings” section.
2. To determine the privilege level of users accessing the CSS, configure the
user accounts on the TACACS+ server. See the “Configuring Authorization
Settings” section.
3. (Optional) If you are configuring global timeout, keepalive frequency, or
encryption key attributes for the TACACS+ server, you must configure
these parameters before you configure the server. For information on
configuring global TACACS+ attributes, see the “Configuring Global
TACACS+ Attributes” section.
4. Use the tacacs-server command to define a server. You must provide the
IP address and port number for the server. You can optionally define a
specific timeout period, encryption key, or keepalive frequency, and
designate the server as the primary server. See the “Defining a TACACS+
Server” section.
(config)# tacacs-server 192.168.11.1 12 20 “summary” primary
frequency 10