Cisco Systems OL-5650-02 Configuring TACACS+ Server User Accounts for Use with the CSS

4-3

Cisco Content Services Switch Security Configuration Guide

OL-5650-02

Chapter4 Configuring the CSS as a Client of a TACACS+ Server

Configuring TACACS+ Server User Accounts for Use with the CSS

The following running-configuration example shows the results of entering the

commands in Tabl e 4-1.

!************************** GLOBAL **************************

virtual authentication primary tacacs

tacacs-server 192.168.11.1 12 20 6dab4b3gibcbef3e primary frequency 10

Configuring TACACS+ Server User Accounts for Use with the CSS

This section provides background information on the setup of a TACACS+ server.

It is intended as a guide to help ensure proper communication with a TACACS+

server and a CSS operating as a TACACS+ client.

The following sections summarize the recommended Cisco Secure Access

Control Server (ACS) TACACS+ user authentication and authorization settings.

To configure the authentication settings on Cisco Secure ACS, go to the Network

Configuration section of the Cisco Secure ACS HTML interface, the Add AAA

Client page, and complete the following fields:

•AAA Client Hostname - Enter a name you want assigned to the CSS.

•AAA Client IP Address - Enter the IP address of the CSS Ethernet

management port or of a CSS circuit (depending on how the CSS is

configured to communicate with the Cisco Secure ACS).

5. Use the virtual authentication command to configure the primary,

secondary, and tertiary virtual authentication method.

#(config) virtual authentication primary tacacs

6. (Recommended) Verify your TACACS+ server configuration. See the

“Showing TACACS+ Server Configuration Information” section.

(config)# show tacacs-server

Table4-1 TACACS+ Configuration Quick Start (continued)

Task and Command Example