In addition to providing authentication and authorization services, the TACACS+ protocol
helps protect TACACS messages by encrypting the TACACS message body.
TACACS+ is supported only with IPv4.
Some TACACS+ servers support a single connection that enables the device to receive all
information in a single connection. If the TACACS+ server does not support this, the device
reverts to multiple connections.
Accounting Using a TACACS+ Server
The user can enable accounting of login sessions using either a RADIUS or TACACS+ server.
The user-configurable TCP port used for TACACS+ server accounting is the same TCP port
that is used for TACACS+ server authentication and authorization.
The following information is sent to the TACACS+ server by the device when a user logs in or
out:
Table 1:
Argument      Description                                         In Start Message  In Stop Message
task_id       A unique accounting session identifier.             Yes               Yes
user          Username that is entered for login authentication.  Yes               Yes
rem-addr      IP address of the user.                             Yes               Yes
elapsed-time  Indicates how long the user was logged in.          No                Yes
reason        Reports why the session was terminated.             No                Yes
Defaults
The following defaults are relevant to this feature:
• No default TACACS+ server is defined by default.
• If you configure a TACACS+ server, the accounting feature is disabled by default.
Cisco Sx350, SG350X, SG350XG, Sx550X & SG550XG Series Managed Switches, Firmware Release 2.2.5.x
Configuring TACACS+
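An added example (not from the Cisco guide) of how the Table 1 arguments can be used to audit accounting records on the server side: it pairs start and stop messages by task_id and flags missing arguments, unpaired records, and a user or rem-addr that differs between the two messages. The `type=... key=value` record layout, the sample lines and the reason values are constructed assumptions; real TACACS+ servers log in their own formats.

```python
# Added example: record layout and sample lines are constructed assumptions,
# not output from a Cisco device or any specific TACACS+ server.
START_ARGS = {"task_id", "user", "rem-addr"}          # sent in start and stop
STOP_ARGS = START_ARGS | {"elapsed-time", "reason"}   # stop adds these two

SAMPLE_LOG = """\
type=start task_id=101 user=admin rem-addr=192.0.2.10
type=stop task_id=101 user=admin rem-addr=192.0.2.10 elapsed-time=340 reason=logout
type=start task_id=102 user=oper rem-addr=192.0.2.44
type=stop task_id=103 user=guest rem-addr=198.51.100.7 elapsed-time=12 reason=timeout
type=start task_id=104 user=admin rem-addr=192.0.2.10
type=stop task_id=104 user=admin rem-addr=203.0.113.5 reason=logout
"""

def parse(line):
    """Split one whitespace-separated 'key=value' record into a dict."""
    return dict(f.split("=", 1) for f in line.split() if "=" in f)

def audit(log_text):
    """Return a sorted list of (task_id, finding) tuples for the given records."""
    open_sessions, findings = {}, []
    for line in filter(None, map(str.strip, log_text.splitlines())):
        rec = parse(line)
        kind, tid = rec.pop("type", None), rec.get("task_id", "?")
        if kind not in ("start", "stop"):
            findings.append((tid, "unknown record type"))
            continue
        expected = START_ARGS if kind == "start" else STOP_ARGS
        missing = expected - set(rec)
        if missing:
            findings.append((tid, "missing " + ",".join(sorted(missing))))
        if kind == "start":
            if tid in open_sessions:
                findings.append((tid, "duplicate start"))
            open_sessions[tid] = rec
            continue
        start = open_sessions.pop(tid, None)
        if start is None:
            findings.append((tid, "stop without start"))
            continue
        for arg in ("user", "rem-addr"):      # must match across the session
            if start.get(arg) != rec.get(arg):
                findings.append((tid, arg + " changed between start and stop"))
    findings += [(tid, "start without stop") for tid in open_sessions]
    return sorted(findings)

if __name__ == "__main__":
    for tid, finding in audit(SAMPLE_LOG):
        print(tid, finding)
```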
Security