Security
Configuring TACACS+
Cisco Small Business 200, 300 and 500 Series Managed Switch Administration Guide (Internal Version) 333
18
• Authorization—Performed at login. After the authentication session is
completed, an authorization session starts using the authenticated
username. The TACACS+ server then checks user privileges.
• Accounting—Enable accounting of login sessions using the TACACS+
server. This enables a system administrator to generate accounting reports
from the TACACS+ server.
In addition to providing authentication and authorization services, the TACACS+
protocol helps to ensure TACACS message protection through encrypted
TAC AC S b od y m es s ag es .
TACACS+ is supported only with IPv4.
Some TACACS+ servers support a single connection that enables the device to
receive all information in a single connection. If the TACACS+ server does not
support this, the device reverts to multiple connections.
Accounting Using a TACACS+ Server
The user can enable accounting of login sessions using either a RADIUS or
TAC AC S+ se r ve r.
The user-configurable, TCP port used for TACACS+ server accounting is the same
TCP port that is used for TACACS+ server authentication and authorization.
