Chapter 4 Configuring the CSS as a Client of a TACACS+ Server

Configuring TACACS+ Server User Accounts for Use with the CSS

Table 4-1 TACACS+ Configuration Quick Start (continued)

Task and Command Example

5.Use the virtual authentication command to configure the primary, secondary, and tertiary virtual authentication method.

#(config) virtual authentication primary tacacs

6.(Recommended) Verify your TACACS+ server configuration. See the “Showing TACACS+ Server Configuration Information” section.

(config)# show tacacs-server

The following running-configuration example shows the results of entering the commands in Table 4-1.

!************************** GLOBAL **************************

virtual authentication primary tacacs

tacacs-server 192.168.11.1 12 20 6dab4b3gibcbef3e primary frequency 10

Configuring TACACS+ Server User Accounts for Use with the CSS

This section provides background information on the setup of a TACACS+ server. It is intended as a guide to help ensure proper communication with a TACACS+ server and a CSS operating as a TACACS+ client.

The following sections summarize the recommended Cisco Secure Access Control Server (ACS) TACACS+ user authentication and authorization settings.

Configuring Authentication Settings

To configure the authentication settings on Cisco Secure ACS, go to the Network Configuration section of the Cisco Secure ACS HTML interface, the Add AAA Client page, and complete the following fields:

AAA Client Hostname - Enter a name you want assigned to the CSS.

AAA Client IP Address - Enter the IP address of the CSS Ethernet management port or of a CSS circuit (depending on how the CSS is configured to communicate with the Cisco Secure ACS).

 

 

Cisco Content Services Switch Security Configuration Guide

 

 

 

 

 

 

OL-5650-02

 

 

4-3

 

 

 

Page 85
Image 85
Cisco Systems OL-5650-02 manual #config virtual authentication primary tacacs, Config# show tacacs-server