1-38
Cisco ASA Series CLI Configuration Guide
Appendix 1 Configuring an External Server for Authorization and Authentication
Configuring an External TACACS+ Server
Configuring an External TACACS+ Server
The ASA provides support for TACACS+ attributes. TACACS+ separates the functions of
authentication, authorization, and accounting. The protocol supports two types of attributes: mandatory
and optional. Both the server and client must understand a mandatory attribute, and the mandatory
attribute must be applied to the user. An optional attribute may or may not be understood or used.
Note To use TACACS+ attributes, make sure that you have enabled AAA services on the NAS.
Table 1-10 lists supported TACACS+ authorization response attributes for cut-through-proxy
connections. Table 1-11 lists supported TACACS+ accounting attributes.
ACCT_DISC_ADMIN_RESET = 6
ACCT_DISC_ADMIN_REBOOT = 7
ACCT_DISC_PORT_ERROR = 8
ACCT_DISC_NAS_ERROR = 9
ACCT_DISC_NAS_REQUEST = 10
ACCT_DISC_NAS_REBOOT = 11
ACCT_DISC_PORT_UNNEEDED = 12
ACCT_DISC_PORT_PREEMPTED = 13
ACCT_DISC_PORT_SUSPENDED = 14
ACCT_DISC_SERV_UNAVAIL = 15
ACCT_DISC_CALLBACK = 16
ACCT_DISC_USER_ERROR = 17
ACCT_DISC_HOST_REQUEST = 18
ACCT_DISC_ADMIN_SHUTDOWN = 19
ACCT_DISC_SA_EXPIRED = 21
ACCT_DISC_MAX_REASONS = 22
Table 1-9
Disconnect Reason Code
Table 1-10 Supported TACACS+ Authorization Response Attributes
Attribute Description
acl Identifies a locally configured access list to be applied to the connection.
idletime Indicates the amount of inactivity in minutes that is allowed before the
authenticated user session is terminated.
timeout Specifies the absolute amount of time in minutes that authentication credentials
remain active before the authenticated user session is terminated.
To Next Page
Loading...
Need help?
General
