Beginning with ScreenOS 6.0.0, TACACS+ is supported as an external authentication server for administration purposes.
The example below creates a TACACS+ server object named "AUTH". The CLI commands required for this are as follows:
set auth-server "AUTH" server-name "172.16.0.10"
set auth-server "AUTH" account-type admin
set auth-server "AUTH" type tacacs
set auth-server "AUTH" tacacs secret Screen05
set auth-server "AUTH" tacacs port 49
The AUTH server is then configured as the admin auth server as follows:
set admin auth remote root
set admin privilege get-external
- Click Interface Configuration, and select TACACS+ (Cisco IOS)
- Add a new service called “netscreen”, and leave the protocol field blank
- Check both the user and group check boxes.
- Click Submit
On the user configuration, scroll down to the bottom and select the netscreen (case sensitive) Custom attributes check boxes. Specify the attributes in the custom attributes field. The attributes that can be specified are as follows:
Note: TACACS+ is not supported for use as an authentication server for xauth or policy authentication.
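As an added example (not from the original article or from Juniper), the Python check below parses the `set auth-server` and `set admin` lines shown above and flags a TACACS+ object that is not limited to admin logins, lacks a shared secret, or is missing the admin settings. The sample config, the `VPN-AUTH` object and the function names are constructed for illustration.

```python
import re
import shlex

# Constructed sample config (not from a real device): "AUTH" follows the page,
# "VPN-AUTH" is a deliberately misconfigured, hypothetical second object.
SAMPLE = '''
set auth-server "AUTH" server-name "172.16.0.10"
set auth-server "AUTH" account-type admin
set auth-server "AUTH" type tacacs
set auth-server "AUTH" tacacs secret Screen05
set auth-server "AUTH" tacacs port 49
set auth-server "VPN-AUTH" server-name "172.16.0.11"
set auth-server "VPN-AUTH" account-type xauth
set auth-server "VPN-AUTH" type tacacs
set admin auth remote root
'''

def parse(config):
    """Return ({server: {setting: value}}, set of 'set admin ...' lines)."""
    servers, admin = {}, set()
    for raw in config.splitlines():
        # Curly quotes pasted from a web page are not valid CLI quoting.
        line = re.sub('[\u201c\u201d]', '"', raw).strip()
        tok = shlex.split(line)
        if tok[:2] == ["set", "auth-server"] and len(tok) >= 5:
            key = " ".join(tok[3:-1])      # e.g. "type", "tacacs secret"
            servers.setdefault(tok[2], {})[key] = tok[-1]
        elif tok[:2] == ["set", "admin"]:
            admin.add(" ".join(tok))
    return servers, admin

def audit(config):
    """List findings for TACACS+ objects and the admin auth settings."""
    servers, admin = parse(config)
    findings = []
    for name, s in servers.items():
        if s.get("type") != "tacacs":
            continue
        if s.get("account-type") != "admin":
            findings.append(f"{name}: account-type must be admin for TACACS+")
        if "tacacs secret" not in s:
            findings.append(f"{name}: no shared secret set")
        if s.get("tacacs port", "49") != "49":
            findings.append(f"{name}: non-default port {s['tacacs port']}")
    for needed in ("set admin auth remote root", "set admin privilege get-external"):
        if needed not in admin:
            findings.append(f"missing: {needed}")
    return findings
```

Calling `audit(SAMPLE)` reports the two `VPN-AUTH` problems and the absent `set admin privilege get-external` line; the page's own commands produce no findings.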
The verification and debug commands are:
-> get admin user login
debug admin all
debug auth all
ABOUT THE AUTHOR
– Rashmi Bhardwaj (Author/Editor)