Configure AAA TACACS Settings

You must be in the process of configuring a new AAA TACACS policy or modifying an existing policy to use this procedure.

Use this procedure to configure or modify settings for an AAA TACACS policy.

Choose from the following actions:
- If you are in the process of configuring a new AAA TACACS policy, proceed to the next step.
- If you want to edit settings for an AAA TACACS policy, go to Policies > AAA TACACS.
  
  Select adjacent to the target AAA TACACS policy. Modify the settings in the Settings tab in accordance with the steps in this procedure.
Select the Settings tab.

In the Authentication pane, configure the parameters as described in AAA TACACS Policy Authentication Parameters.

Table 1. AAA TACACS Policy Authentication Parameters
Parameter	Description
Authentication Access Method	Specify the connection method(s) for authentication requests. All – Authentication is performed for all types of access without prioritization. Console – Authentication is performed only for console access. Telnet – Authentication is performed only for access through Telnet. SSH – Authentication is performed only for access through SSH. Web – Authentication is performed only for access through the Web interface.
Directed Request	Select this option to enable the AAA TACACS authentication server to be used with the ‘@<server name>‘ nomenclature. The specified server must be present in the list of defined Authentication servers. This option is disabled by default.

In the Authorization pane, configure the parameters as described in AAA TACACS Policy Authorization Parameters.

Table 2. AAA TACACS Policy Authorization Parameters
Parameter	Description
Authorization Access Method	Specify the connection method(s) for authorization requests. All – Authorization is performed for all types of access without prioritization. Console – Authorization is performed only for console access. Telnet – Authorization is performed only for access through Telnet. SSH – Authorization is performed only for access through SSH.
Allow Privileged Commands	Select this option to enable privileged commands executed without command authorization. Privileged commands are commands that can alter/ change the authorization server configuration. This Option is disabled by default.

In the Accounting pane, configure the parameters as described in AAA TACACS Policy Accounting Parameters.

Table 3. AAA TACACS Policy Accounting Parameters
Parameter	Description
Accounting Access Method	Specify the connection method(s) for accounting requests. All – Accounting is performed for all types of access without prioritization. Console – Accounting is performed only for console access. Telnet – Accounting is performed only for access through Telnet. SSH – Accounting is performed only for access through SSH.
Authentication Failure	Select this option to enable accounting upon authentication failures. This option is disabled by default.
CLI Commands	Select this option to enable accounting for CLI commands. This option is disabled by default.
Session	Select this option to enable accounting for session start and session stop events. This option is disabled by default.

In the Service Protocol Settings pane, select Add, then configure the parameters as described in AAA TACACS Policy Service Protocol Parameters.

Note

A maximum or 5 entries can be made in the Service Protocol Settings table.

Table 4. AAA TACACS Policy Service Protocol Parameters
Parameter	Description
Service Name	Provide a 30 character maximum shell service for user authorization.
Service Protocol	Enter a protocol for user authentication using the service.