About TACACS+ Support

Terminal Access Controller Access-Control System Plus (TACACS+) is one of the Authentication, Authorization and Accounting (AAA) protocols that can be used to authenticate controller administrators. TACACS+ is an extensible AAA protocol that allows for customization and future development, and it uses TCP to ensure reliable delivery.

In addition to selecting TACACS+ as the server type, complete the following steps for TACACS+ based authentication to work on the controller.

  1. Edit the TACACS+ configuration file (tac_plus.conf) on the TACACS+ server to include the service user name.
    For example:
    key = test@1234
    accounting file = /var/log/tac_acct.log
    user = username {
            member = show
            login = cleartext "password1234!"
            }
    group = show {
            service = super-login {
                    # mapped to the user account in the controller
                    user-name = super
                    }
            }
  2. On the controller web interface, select Administration > Admins and Roles > Administrators, and click Create to create an administrator account with super as the user name.
  3. Select Administration > Admins and Roles > Groups and assign an administrator role to the super administrator account.
    NOTE
    Refer to Creating User Groups.
  4. When adding a server type for administrators, select TACACS+ as the authentication server type.
  5. Test the TACACS+ server using the account username@super-login.
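A pre-flight check for the step 1 file, run before the login test in step 5. This is an added example, not part of the original documentation: it flags the cleartext login and short shared key that the sample uses, unbalanced braces, and a missing user-name mapping inside the service block. The function name audit_tac_plus and the 16-character key threshold are assumptions.

```python
import re

# Constructed sample mirroring the tac_plus.conf example in step 1.
SAMPLE_CONF = """\
key = test@1234
accounting file = /var/log/tac_acct.log
user = username {
        member = show
        login = cleartext "password1234!"
        }
group = show {
        service = super-login {
                user-name = super
                }
        }
"""

MIN_KEY_LEN = 16  # assumed local policy threshold, not a tac_plus rule
# Strips a trailing "# comment" while leaving '#' inside quoted strings alone.
_COMMENT = re.compile(r'^((?:[^"#]|"[^"]*")*)#.*$')


def audit_tac_plus(text, service="super-login"):
    """Return (line_no, finding) pairs; line 0 marks whole-file findings."""
    findings, stack, mapped = [], [], False
    for n, raw in enumerate(text.splitlines(), 1):
        line = _COMMENT.sub(r"\1", raw).strip()
        if not line:
            continue
        key = re.match(r'key\s*=\s*"?([^"]*)"?$', line)
        if key and not stack and len(key.group(1)) < MIN_KEY_LEN:
            findings.append((n, "short-key"))
        if re.match(r"login\s*=\s*cleartext\b", line):
            findings.append((n, "cleartext-login"))
        # The controller account mapping must sit inside the service block.
        if stack and stack[-1] == f"service={service}" and re.match(r"user-name\s*=\s*\S", line):
            mapped = True
        if line.endswith("{"):
            stack.append(re.sub(r"\s+", "", line[:-1]))
        elif line == "}":
            if stack:
                stack.pop()
            else:
                findings.append((n, "unmatched-close"))
    if stack:
        findings.append((0, "unclosed-block:" + stack[-1]))
    if not mapped:
        findings.append((0, "no-user-name-mapping"))
    return findings
```

Calling audit_tac_plus(SAMPLE_CONF) reports the short key on line 1 and the cleartext login on line 5; an empty list means none of the four checks fired.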