2. In this session we will
• Understand TACACS+ as an authentication protocol.
• Set up TACACS authentication on a Cisco router
• Set up TACACS authentication on Cisco ISE 2.4
• Verify the setup
3. TACACS
• Terminal Access Controller Access Control System
• Used to control management access to network equipment such as a switch or a router.
• Uses TCP/49.
• Allows for authorization as well, including shell privileges and command level authorization.
• Unlike RADIUS, authorization happens in separate packets.
10. Post Change
!
aaa group server tacacs+ ISE_TACACS
 server name ISE1
!
aaa authentication login CONSOLE line
aaa authentication login VTY group ISE_TACACS local
aaa authorization config-commands
aaa authorization exec default group tacacs+ local if-authenticated
aaa authorization exec VTY group ISE_TACACS local if-authenticated
aaa authorization commands 1 VTY group ISE_TACACS local if-authenticated
aaa authorization commands 15 VTY group ISE_TACACS local if-authenticated
!
11. Post Change
!
aaa accounting update periodic 15
aaa accounting exec default start-stop group ISE_TACACS
aaa accounting commands 1 default start-stop group ISE_TACACS
aaa accounting commands 15 default start-stop group ISE_TACACS
!
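As an added example (not from the original slides), the Python check below can support the "Verify the setup" step: it parses AAA method lists from an IOS-style config and flags references to undeclared server groups, login lists with no local fallback, and command levels that are authorized but have no accounting list. The sample config is constructed, and the three checks are this example's own choice, not Cisco tooling.

```python
import re

# Constructed sample in the style of the slides, with three deliberate mistakes.
SAMPLE = """\
aaa group server tacacs+ ISE_TACACS
 server name ISE1
!
aaa authentication login VTY group ISE_TACACS
aaa authorization exec default group tacacs local if-authenticated
aaa authorization commands 1 VTY group ISE_TACACS local if-authenticated
aaa authorization commands 15 VTY group ISE_TACACS local if-authenticated
aaa accounting commands 1 default start-stop group ISE_TACACS
"""

BUILTIN_GROUPS = {"tacacs+", "radius"}  # predefined by IOS, need no declaration
METHOD_LIST = re.compile(
    r"aaa (authentication login|authorization exec|authorization commands \d+|"
    r"accounting exec|accounting commands \d+) (\S+) (.+)$")

def audit_aaa(config):
    """Return a list of findings for the AAA method lists in an IOS config."""
    lines = [l.strip() for l in config.splitlines()]
    defined = {m.group(1) for l in lines
               if (m := re.match(r"aaa group server tacacs\+ (\S+)$", l))}
    findings, authz, acct = [], set(), set()
    for l in lines:
        m = METHOD_LIST.match(l)
        if not m:
            continue
        kind, name, methods = m.group(1), m.group(2), m.group(3).split()
        # Every word that follows "group" names a server group.
        groups = [g for prev, g in zip(methods, methods[1:]) if prev == "group"]
        for g in groups:
            if g not in defined and g not in BUILTIN_GROUPS:
                findings.append(f"{kind} {name}: server group '{g}' is not defined")
        # A login list with only remote methods locks admins out when ISE is down.
        if kind == "authentication login" and groups and "local" not in methods:
            findings.append(f"{kind} {name}: no local fallback")
        if kind.startswith("authorization commands"):
            authz.add(int(kind.split()[-1]))
        if kind.startswith("accounting commands"):
            acct.add(int(kind.split()[-1]))
    # Privilege levels that are authorized should also leave an accounting trail.
    for level in sorted(authz - acct):
        findings.append(f"commands {level}: authorized but no accounting list")
    return findings

if __name__ == "__main__":
    for finding in audit_aaa(SAMPLE):
        print(finding)
```

Feed it the AAA section of `show running-config` saved to a file; an empty list means none of the three conditions were found.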