
438 Rockwell Automation Publication 1783-UM006A-EN-P - May 2014
Chapter 14 Configuring RADIUS and TACACS+ Servers
Beginning in privileged EXEC mode, follow these steps to specify TACACS+
authorization for privileged EXEC access and network services:
1. Enter global configuration mode.
configure terminal
2. Configure the access point for administrator TACACS+ authorization for
all network-related service requests.
aaa authorization network tacacs+
3. Configure the access point for administrator TACACS+ authorization to
determine if the administrator has privileged EXEC access.
The exec keyword can return user profile information (such as
autocommand information).
aaa authorization exec tacacs+
4. Return to privileged EXEC mode.
end
5. Verify your entries.
show running-config
6. (Optional) Save your entries in the configuration file.
copy running-config startup-config
To disable authorization, use the no aaa authorization {network | exec}
method1 global configuration command.
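The check in step 5 can be scripted against saved show running-config output. The following is an added example, not part of the Rockwell Automation manual: the function names and the sample configuration text are constructed for illustration, and it assumes the command forms shown in the steps above.

```python
import re

# Constructed sample of `show running-config` output; not from a real device.
SAMPLE_RUNNING_CONFIG = """\
hostname ap-example
aaa authorization exec tacacs+
aaa authorization network tacacs+
end
"""

# The two services configured in steps 2 and 3 of the procedure.
REQUIRED_SERVICES = ("network", "exec")
AUTHZ_LINE = re.compile(r"^(no\s+)?aaa\s+authorization\s+(\S+)\s*(.*)$")


def authorization_methods(running_config):
    """Map each authorization service to the method list configured for it."""
    methods = {}
    for raw in running_config.splitlines():
        match = AUTHZ_LINE.match(raw.strip())
        if not match:
            continue
        negated, service, rest = match.groups()
        if negated:
            # The "no" form disables authorization for that service.
            methods.pop(service, None)
        else:
            methods[service] = rest.split()
    return methods


def audit_tacacs_authorization(running_config):
    """Return findings; an empty list means both services use tacacs+."""
    methods = authorization_methods(running_config)
    findings = []
    for service in REQUIRED_SERVICES:
        configured = methods.get(service)
        if configured is None:
            findings.append(f"{service}: authorization not configured")
        elif "tacacs+" not in configured:
            findings.append(f"{service}: tacacs+ missing from {configured}")
    return findings


if __name__ == "__main__":
    for finding in audit_tacacs_authorization(SAMPLE_RUNNING_CONFIG) or ["ok"]:
        print(finding)
```

An empty result means both the network and exec services list tacacs+ as an authorization method; each finding names the service that still needs attention.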
Starting TACACS+ Accounting
The AAA accounting feature tracks the services that administrators are accessing
and the amount of network resources that they are consuming. When AAA
accounting is enabled, the access point reports administrator activity to the
TACACS+ security server in the form of accounting records. Each accounting
record contains accounting attribute-value (AV) pairs and is stored on the
security server. This data can then be analyzed for network management, client
billing, or auditing.
Beginning in privileged EXEC mode, follow these steps to enable TACACS+
accounting for each Cisco IOS privilege level and for network services:
1. Enter global configuration mode.
configure terminal
2. Enable TACACS+ accounting for all network-related service requests.
aaa accounting network start-stop tacacs+