Run the local TACACS+ server in a container

In this topic, you will learn how to deploy the Portnox™ Cloud local TACACS+ server using Docker containers.

For information about how the Portnox Cloud TACACS+ service works, see the following topic: How does the Portnox Cloud TACACS+ service work?.

  1. In the Cloud portal top menu, click on the Settings option.

  2. In the right-hand side pane, find and click on the LOCAL TACACS+ SERVICE heading.

    More options appear under the LOCAL TACACS+ SERVICE heading and description.

  3. Under the LOCAL TACACS+ heading, click on the Add a new Local TACACS+ profile (Docker) link to begin the configuration process for the new local TACACS+ instance.

    Your browser will display the Add new Local TACACS+ cluster heading with configuration fields for the new local TACACS+ instance.

  4. In the Name field, enter a name for your local TACACS+ server.

    This name is also used as the hostname that your NAS devices will use to contact the local TACACS+ server. However, using the IP address in NAS configuration is recommended. You will find the IP address later, in the cloud platform that you will use to run the Docker image. You can also choose a local network address if you run the Docker image on-premises.

  5. Click on the  👁  icon and hold it to note down the value of the Shared Secret field to use it when configuring NAS devices to contact this local TACACS+ server.

    If you want to generate a different shared secret, click on the Regenerate link under the field.

    Note: After you save the server settings and view them, you can use the  ⧉  icon to copy the value to the clipboard.
  6. Click on the Save button to save the configuration.

    Note: If you click on the Save And Download button instead, your browser will download the ISO image with the configuration. You can set up the local TACACS+ server using this ISO file but it’s more difficult and in most cases unnecessary. Instead, we recommend that you set up the local TACACS+ server using the environment variables only.
  7. Click on the row that represents the newly added TACACS+ server to display more information.

  8. Click on the Generate link above to generate the TACACS_GATEWAY_TOKEN.
  9. Copy the environment variable values into a text file for later.

    Click on the  ⧉  icon next to the value to copy each value.

    • TACACS_GATEWAY_ORG_ID
    • TACACS_GATEWAY_PROFILE
    • TACACS_GATEWAY_TOKEN

    You can also copy these values directly from Portnox Cloud later, when setting up your Docker instance.

    Warning: If you use the  ⧉  icon to copy the values, the value is copied along with the key name and the equal sign. Make sure to remove the prefix before pasting the value into Azure.
  10. Deploy the local TACACS+ Docker image in the cloud or on-premises.