Session Authorization and Accounting

The TACACS+ client is disabled by default. When the TACACS+ client is enabled on the S-, K-, or 7100-Series device using the set tacacs enable command, the session authorization parameters configured with the set tacacs session authorization command are sent by the client to the TACACS+ server when a session is initiated. The parameter values must match the service and access level attribute-value pairs configured on the server for the session to be authorized. If the parameter values do not match, the session will not be allowed. The service name and attribute-value pairs can be any character string, and are determined by your TACACS+ server configuration.
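Because a mismatch means sessions are refused, the device-side parameters can be compared with the server-side definitions before the client is enabled. The following is an added example, not part of the original documentation or the vendor's tooling. The tac_plus-style server syntax, every name and value shown, and the use of exact, case-sensitive string comparison are assumptions.

```python
import re

# Constructed sample: switch-side session authorization parameters, one
# (attribute, value) pair per access level. All names and values are assumed.
SWITCH_SESSION_AUTHZ = {"service": "exec", "levels": {
    "read-only": ("priv-lvl", "0"),
    "read-write": ("priv-lvl", "1"),
    "super-user": ("priv-lvl", "15"),
}}

# Constructed sample: server-side definitions in a tac_plus-style syntax (assumed).
SERVER_CONFIG = """
group = operators {
    service = exec {
        priv-lvl = 1
    }
}
group = admins {
    service = Exec {
        priv-lvl = 15
    }
}
"""

def parse_server_pairs(text):
    """Return {service_name: {(attribute, value), ...}} from service blocks."""
    pairs = {}
    for name, body in re.findall(r"service\s*=\s*(\S+)\s*\{([^{}]*)\}", text):
        for attr, value in re.findall(r"^\s*([\w-]+)\s*=\s*(\S+)\s*$", body, re.M):
            pairs.setdefault(name, set()).add((attr, value))
    return pairs

def audit(switch, server_pairs):
    """Map each access level to 'ok' or the reason its sessions would be refused."""
    service = switch["service"]
    offered = server_pairs.get(service, set())  # exact string match (assumption)
    result = {}
    for level, pair in switch["levels"].items():
        if pair in offered:
            result[level] = "ok"
        elif any(pair in p for s, p in server_pairs.items()
                 if s.lower() == service.lower()):
            result[level] = "service name differs only in case"
        else:
            result[level] = "no matching attribute-value pair on server"
    return result

if __name__ == "__main__":
    report = audit(SWITCH_SESSION_AUTHZ, parse_server_pairs(SERVER_CONFIG))
    for level, status in report.items():
        print(f"{level:11} {status}")
```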

When session accounting is enabled using the set tacacs session accounting command, the TACACS+ server logs accounting information, such as start and stop times and the IP address of the remote user, for each authorized client session. Once session accounting has been enabled, you can disable it with the same command.

The S-, K-, and 7100-Series device is informed of the TACACS+ server properties using the set tacacs server command. You can configure the timeout value for all configured servers or for a single server, or you can configure the IP address, TCP port, and secret for a single server, specifying a server index value for that server.