About TACACS+ Support

Terminal Access Controller Access-Control System Plus (TACACS+) is one of the Authentication, Authorization, and Accounting (AAA) protocols that can be used to authenticate controller administrators. TACACS+ is an extensible AAA protocol that allows customization and future development, and it uses TCP to ensure reliable delivery.

In addition to selecting TACACS+ as the RADIUS type, you must also complete the following steps for TACACS+-based authentication to work.

  1. Edit the TACACS+ configuration file (tac_plus.conf) on the TACACS+ server to include the service user name.
    See the example below.
    key = test@1234
    accounting file = /var/log/tac_acct.log
    user = username {
            member = show
            login = cleartext "password1234!"
            }
    group = show {
            service = super-login {
                    # user-name is mapped to the user account in the controller
                    user-name = super
                    }
            }
  2. On the controller web interface, go to the Administration > Admins and Roles > Administrators tab, and then create an administrator account (see Creating Administrator Accounts) with super as the user name.
  3. Go to the Administration > Admins and Roles > Groups tab, and then assign the super administrator account an administrator role (see Creating User Groups).
  4. When you add a RADIUS server for administrators (see Creating a RADIUS Server for Administrator Authentication), select TACACS+ as the authentication type.
  5. After you add the RADIUS server for administrators, test it using the account username@super-login. You have completed the configuration steps required to ensure that TACACS+ authentication for administrators works on the controller.
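
Before restarting the TACACS+ server and running the test in step 5, the configuration from step 1 can be checked offline. The following is an added example, not part of the vendor documentation: a small Python audit that flags unbalanced braces and cleartext logins in a tac_plus.conf and resolves which controller account each TACACS+ user maps to per service. The function name `audit`, the embedded sample, and the assumptions that comments occupy whole lines and each block opener sits on its own line are all specific to this example.

```python
import re

# Constructed sample mirroring the tac_plus.conf example in step 1.
SAMPLE = """\
key = test@1234
accounting file = /var/log/tac_acct.log
user = username {
    member = show
    login = cleartext "password1234!"
}
group = show {
    service = super-login {
        user-name = super
    }
}
"""

BLOCK = re.compile(r'(user|group|service)\s*=\s*(\S+)\s*\{$')
PAIR = re.compile(r'([\w-]+)\s*=\s*(.+)$')

def audit(conf):
    """Return (findings, mapping): mapping is {tacacs_user: {service: controller_account}}."""
    findings, stack, members, groups = [], [], {}, {}
    for num, raw in enumerate(conf.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith('#'):   # assumption: comments occupy whole lines
            continue
        if (m := BLOCK.match(line)):
            stack.append(m.groups())           # entering a user/group/service block
        elif line == '}':
            if stack:
                stack.pop()
            else:
                findings.append(f"line {num}: '}}' closes nothing")
        elif (m := PAIR.match(line)) and stack:
            key, value = m.groups()
            kind, name = stack[0]              # outermost block decides the context
            if kind == 'user' and key == 'member':
                members[name] = value
            elif kind == 'user' and key == 'login' and value.startswith('cleartext'):
                findings.append(f"line {num}: user {name} has a cleartext password")
            elif kind == 'group' and len(stack) == 2 and key == 'user-name':
                groups.setdefault(name, {})[stack[1][1]] = value
    findings += [f"unclosed {kind} block '{name}'" for kind, name in stack]
    mapping = {user: groups.get(group, {}) for user, group in members.items()}
    return findings, mapping

if __name__ == '__main__':
    print(audit(SAMPLE))
```

The value reported for the super-login service should match the administrator account created in step 2; an unclosed-block finding means the file is missing a closing brace.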