Prisma SD-WAN
Add TACACS+ Profile
Table of Contents
Add TACACS+ Profile
Learn how to add a TACACS+ profile.
| Where Can I Use This? | What Do I Need? |
|---|---|
|
|
- Navigate to .
- Create a TACACS+ Profile.
- Enter profile Name and optionally Description and Tags.
- Select a Protocol from the available options CHA or PAP.
- Select Server Address Input- IPv4/IPv6 or FQDN.
- Enter the Server details, such as IP address, port, secret key, and server response time of a maximum of 10 seconds.If a user is present in the TACACS+ server and enters the correct credentials, the user will be able to log in successfully. If a user is present in both TACACS+ and local database, AAA server authentication is used. If a device isn't online, but the AAA server is reachable and the user is in the TACACS+ database, the user can log in using an SSH/remote connection.Local authentication (not TACACS+) is used when:
- All four AAA servers are not reachable.
- The user menu for offline device access.
- The user isn't present in the TACACS+ server or database.
- AAA servers are reachable but the user is present only in the local database.
After creating the profile, associate a TACACS+ profile with a device. You can edit or delete a profile from the system.
Associate a TACACS+ Profile with a Device
After creating a profile, associate the profile with a device.
- Navigate to .
- Select the device and then select the AAA configuration.
- Create TACACS+ Element Configuration for the selected device.
- Select the TACACS+ Profile and then select the Source Interface.
- Enter profile Name, Description, and Tags.
- If you want to customize the profile values, select Customize profile values.
- Customize the server and protocol values; when editing the values for the first time, you need to reenter the values and Submit.You can view the profile custom values on the TACACS+ page of the AAA tab. You can edit or delete the customized server details.
