Chapter 4 Managing GSS User Accounts Through a TACACS+ Server
Cisco Global Site Selector Administration Guide
OL-5480-01
If the GSS cannot contact any of the three specified TACACS+ servers, the GSS
checks for the local authentication setting and falls back to performing local user
authentication through either the console port or a Telnet connection. Local
authentication is always enabled on the console port and Telnet connection to
avoid lockout. Local authentication is an option for an FTP, GUI, or SSH
connection.
TACACS+ Configuration Quick Start
Table 4-1 provides a quick overview of the steps required to configure TACACS+
server operation on a GSS. Each step includes the CLI command required to
complete the task. For a complete description of each feature and all the options
associated with the CLI command, see the sections following the table.
Table 4-1 TACACS+ Configuration Quick Start
Task and Command Example
1. Configure the authentication, authorization, and accounting service settings
on the TACACS+ server, such as the Cisco Secure Access Control Server
(ACS).
2. Enable global configuration mode on the GSS device.
gssm1.example.com# config
gssm1.example.com(config)#
3. Define the TACACS+ server containing the TACACS+ authentication,
authorization, and accounting databases. You can define a maximum of
three servers for use with the GSS. Specify the IP address or host name for
the server. By default, the TCP port is 49. You can optionally define a
different port number and, if required, a TACACS+ server encryption key.
gssm1.example.com(config)# tacacs-server host 192.168.1.102 port 9988 key SECRET-456
4. (Optional) Define a global TACACS+ timeout period for use with the
configured TACACS+ servers.
gssm1.example.com(config)# tacacs-server timeout 60
5. Enable TACACS+ authentication for a specific GSS access method.
gssm1.example.com(config)# aaa authentication ssh
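
The following is an added example, not part of the Cisco guide: a small Python audit of the tacacs-server and aaa lines shown in the steps above, checking the three-server limit, the default port of 49, and whether each server has an encryption key. The sample configuration is constructed, and treating a missing key as a finding is a local policy assumption, since the guide makes the key optional.

```python
import re

MAX_SERVERS = 3      # guide: at most three TACACS+ servers per GSS
DEFAULT_PORT = 49    # guide: default TACACS+ TCP port

# Constructed sample of GSS global-configuration lines (not from a real device).
SAMPLE_CONFIG = """\
tacacs-server host 192.168.1.102 port 9988 key SECRET-456
tacacs-server host 192.168.1.103
tacacs-server host tacacs3.example.com key SECRET-789
tacacs-server host 192.168.1.105 key SECRET-000
tacacs-server timeout 60
aaa authentication ssh
"""

def parse_config(text):
    """Collect tacacs-server hosts, the global timeout and aaa methods."""
    cfg = {"servers": [], "timeout": None, "aaa_methods": []}
    for raw in text.splitlines():
        # Tolerate a pasted CLI prompt such as 'gssm1.example.com(config)# '.
        tok = re.sub(r"^\S+#\s*", "", raw.strip()).split()
        if tok[:2] == ["tacacs-server", "host"] and len(tok) >= 3:
            opts = dict(zip(tok[3::2], tok[4::2]))  # 'port N' / 'key K' pairs
            cfg["servers"].append({"host": tok[2],
                                   "port": int(opts.get("port", DEFAULT_PORT)),
                                   "key": opts.get("key")})
        elif tok[:2] == ["tacacs-server", "timeout"] and len(tok) == 3:
            cfg["timeout"] = int(tok[2])
        elif tok[:2] == ["aaa", "authentication"] and len(tok) == 3:
            cfg["aaa_methods"].append(tok[2])
    return cfg

def audit(cfg):
    """Return findings as (severity, message) tuples."""
    findings = []
    count = len(cfg["servers"])
    if count > MAX_SERVERS:
        findings.append(("error", f"{count} servers defined, limit is {MAX_SERVERS}"))
    for s in cfg["servers"]:
        if s["key"] is None:
            # Assumption (local policy): every server entry must carry a key.
            findings.append(("warn", f"{s['host']}: no encryption key"))
        if s["port"] != DEFAULT_PORT:
            findings.append(("info", f"{s['host']}: non-default port {s['port']}"))
    return findings

if __name__ == "__main__":
    for severity, message in audit(parse_config(SAMPLE_CONFIG)):
        print(f"{severity}: {message}")
```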