TACACS+ (Terminal Access Controller Access Control System+), a protocol to provide centralized authentication, authorization, and accounting (AAA) services, controls network device access, and SSH login for controller nodes in a network infrastructure. TACACS+ uses a TACACS+ server profile to record user behavior, such as when a user started using a specific service, the duration of the service used, and when they stopped using the service. This helps to create logs and records of the initiation and termination of services and any services in progress during the user’s session, which you can use for auditing purposes.

A device TACACS+ profile consists of multiple configured TACACS+ servers. You can add a maximum of four servers, depending on servers reachability, the system tries to sequentially connect to the available servers in the profile. If a user is present in the TACACS+ server and enters the correct credentials, the user will be able to log in successfully. If a user isn't available in any database, the user won't be able to log in. If a user is present in both TACACS+ and local database, local authentication is used. If a device is not online, the AAA server is reachable and the user is in the TACACS+ database, the user can log in using an SSH/remote connection.

An ION device generates a log when the TACACS+ server successfully provides the accounting records to the server that you configure in the profile. If the device is unable to send the accounting records to any of the servers in the profile, the device generates a critical severity alert to the system logs.