Terminal Access Controller Access Control System Plus (TACACS+) is a client-server protocol that provides centralized security control for management access to routers and many other types of network access devices. TACACS+ provides these AAA services:
- Authentication – Who the users are
- Authorization – What they are allowed to do
- Accounting – Who did what and when
This document provides configuration examples for TACACS+ with the Cisco Identity Services Engine (ISE) as the TACACS+ server and a Cisco NX-OS network device as the TACACS+ client.
This guide divides the activities needed for ISE to manage administrative access for Cisco IOS-based network devices into two parts:
- Part 1 – Configure ISE for Device Admin
- Part 2 – Configure Cisco NX-OS for TACACS+
The information in this document is based on the software and hardware versions below:
- ISE VMware virtual appliance, Release 2.0
- Cisco Nexus 1000V (N1Kv) for VMware vSphere, Cisco NX-OS 5.2(1)SV3(1.10)