Device TACACS+
Learn about the device TACACS+ protocol.
Prisma SD-WAN supports the TACACS+ (Terminal Access Controller Access
Control System+) authentication protocol, which controls network device access and SSH
login for controller nodes in a network infrastructure. TACACS+ uses TACACS+ server
profiles to log user activity, including when a user starts or stops using a service and
the session duration. These logs provide valuable records for auditing and compliance.
A device TACACS+ profile consists of multiple configured TACACS+ servers. You can add a
maximum of four servers. Depending on server reachability, the system tries to connect
sequentially to the available servers in the profile. If a user is present in
the TACACS+ server and enters the correct credentials, the user will be able to log in
successfully. If a device is not online but the AAA server is reachable and the user is in
the TACACS+ database, the user can log in using an SSH/remote connection.