TACACS+ Servers
TACACS+ is a remote authentication protocol that provides access control for routers, network access servers, and other networked computing devices through one or more centralized servers. TACACS+ allows a client to accept a user name and password and send a query to a TACACS+ authentication server. The server host determines whether to accept or deny the request and sends a response back that allows or denies the user access to the network.
TACACS+ offers fully encrypted packet bodies and supports both IP and AppleTalk protocols. TACACS+ uses TCP port 49, which is seen as more reliable than RADIUS's UDP.
By default, the TACACS+ Servers option under User & Device is not visible unless you add a server using the following CLI command:

    config user tacacs+
        edit <name>
            set server <IP_address>
        next
    end
To manage TACACS+ servers, go to User & Authentication > TACACS+ Servers.
Hover over the leftmost edge of the column heading to display the Configure Table icon, which you can use to select the columns to display or to reset all the columns to their default settings. You can also drag column headings to change their order.
The following options are available:
| Option | Description |
| --- | --- |
| Create New | Create a TACACS+ server. See Create or edit a TACACS server. |
| Edit | Modify a TACACS+ server. See Create or edit a TACACS server. |
| Clone | Make a copy of a TACACS+ server. |
| Delete | Remove a server or servers. |
| Search | Enter a search term to find in the TACACS+ server list. |
| Name | The name that identifies the TACACS+ server on the unit. |
| Server | The domain name or IP address of the TACACS+ server. |
| Authentication Type | The authentication type used by the server. |
| Ref. | Displays the number of times the object is referenced by other objects. To view the location of the referenced object, select the number in Ref.; the Object Usage window opens and displays the various locations of the referenced object. |