Configure NAS devices to access the TACACS+ server

In this topic, you will find tips on how to configure your NAS devices to access the Portnox™ Cloud local TACACS+ server.

Note: This topic only contains examples to guide you. Consult your NAS device documentation for specific instructions on how to set up TACACS+ on your NAS devices.

To configure your NAS device to use the local TACACS+ server, you will need the following information:

  • The IP address of the local TACACS+ server, in our examples: 10.0.0.124

    (Settings > Services > LOCAL TACACS+ SERVICE > LOCAL TACACS+ profile > server_name)

  • The shared secret to access the local TACACS+ server, in our examples: 7cH3vCaXaB67WhfSEqUtGNa5

    (Settings > Services > LOCAL TACACS+ SERVICE > LOCAL TACACS+ profile > server_name > Edit > Shared Secret >  👁 )

The following are examples of configuration for common NAS devices.

Cisco

(config)#aaa authentication login default group tacacs+ local
(config)#aaa authorization exec default group tacacs+ if-authenticated
(config)#aaa authorization network default group tacacs+ if-authenticated
(config)#aaa accounting exec default start-stop group tacacs+
(config)#aaa accounting network default start-stop group tacacs+
(config)#tacacs server CLEAR
(config-server-tacacs)#address ipv4 10.0.0.124
(config-server-tacacs)#key 7cH3vCaXaB67WhfSEqUtGNa5

Aruba

(config)#tacacs-server host 10.0.0.124 key 7cH3vCaXaB67WhfSEqUtGNa5
(config)#aaa authorization commands tacacs

Juniper

user@host#set system tacplus-server 10.0.0.124 
user@host#set system tacplus-server 10.0.0.124 secret 7cH3vCaXaB67WhfSEqUtGNa5 
user@host#set system tacplus-server 10.0.0.124 source-address 10.0.0.1 
user@host#set system authentication-order [tacplus password]
user@host#set system login user remote class operator