Prisma SD-WAN
Add TACACS+ Profile
Table of Contents
Add TACACS+ Profile
Learn how to add a TACACS+ profile.
| Where Can I Use This? | What Do I Need? |
|---|---|
|
|
- Navigate to .Create a TACACS+ Profile.
![]()
Enter profile Name and optionally Description and Tags.Select a Protocol from the available options CHA or PAP.Select Server Address Input- IPv4/IPv6 or FQDN.Enter the Server details, such as IP address, port, secret key, and server response time of a maximum of 10 seconds.If a user is present in the TACACS+ server and enters the correct credentials, the user will be able to log in successfully. If a user is present in both TACACS+ and local database, AAA server authentication is used. If a device isn't online, but the AAA server is reachable and the user is in the TACACS+ database, the user can log in using an SSH/remote connection.Local authentication (not TACACS+) is used when:- All four AAA servers are not reachable.
- The user menu for offline device access.
- The user isn't present in the TACACS+ server or database.
- AAA servers are reachable but the user is present only in the local database.
Only TACACS+ server information is communicated with the ION device. TACACS+ user configuration is done on the actual TACACS+ server console.The TACACS+ server must send role attribute in authorization reply (supported roles are super, readonly, monitor). If TACACS+ server does not send role, default role would be readonly.After creating the profile, associate a TACACS+ profile with a device. You can edit or delete a profile from the system.Associate a TACACS+ Profile with a Device
After creating a profile, associate the profile with a device.- Navigate to .Select the device and then select the AAA configuration.Create TACACS+ Element Configuration for the selected device.
![]()
Select the TACACS+ Profile and then select the Source Interface.Enter profile Name, Description, and Tags.If you want to customize the profile values, select Customize profile values.Customize the server and protocol values; when editing the values for the first time, you need to reenter the values and Submit.You can view the profile custom values on the TACACS+ page of the AAA tab. You can edit or delete the customized server details.![]()
Related CLIs
- config banner
- debug log agent eal file log
- debug logging facility
- debug logs dump
- debug logs follow
- debug logs tail
- debug process
- debug reboot
- debug service link logging
- debug time sync
- file export
- file remove
- file space available
- file tailf log
- file view log
- inspect certificate
- inspect cgnx infra role
- inspect connection
- inspect process status
- inspect switch mac address table
- dump auth config
- dump auth status
- dump banner config
- dump device accessconfig
- dump device conntrack count
- dump device date
- dump device info
- dump device status
- dump radius config
- dump radius statistics
- dump radius status
- dump sensor type
- dump sensor type summary
- dump time config
- dump time log
- dump time status
- dump troubleshoot message
- clear switch mac address entries
- clear device account login
