Configure TACACS+ Accounting Service

If you want to have an audit trail for user logins, you can configure PacketShaper as a TACACS+ client and specify the accounting server settings. Once this is configured, PacketShaper will send a TAC_PLUS_ACCT_FLAG_START accounting message to the accounting server when a user logs in and a TAC_PLUS_ACCT_FLAG_STOP message when a user logs off or is disconnected.

To configure PacketShaper to work with a TACACS+ accounting server:

1. Click the Setup tab.

3. In the Accounting field, select on.

4. In the Primary Accounting Host field, enter the IP address or DNS name of the TACACS+ accounting server.

5. Optional: To access the TACACS+ server with a specific port, enter a number in the Port field.

If the field is left blank, the default port (49) will be used.

6. In the Shared Secret field, enter the designated secret.

7. Optional: Specify a Secondary Accounting Host to use in case the primary TACACS+ server is not accessible or fails to authenticate. Be sure to specify its Shared Secret as well.

8. If necessary, adjust the Timeout interval.

By default, PacketShaper waits 10 seconds for a response from the TACACS+ server before the login fails. You can select a value between 1 and 60 seconds.

9. Click apply changes.

Note: Starting in PS 11.10.3, if the TACACS+ primary server has an authentication failure, PacketShaper attempts to log onto a configured secondary server; in earlier versions, PacketShaper attempted to log onto the secondary server only when the primary server had a connection failure and failed to respond.
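
Example (added here; not PacketShaper or vendor code): when verifying the audit trail on the accounting server side, it helps to decode a captured accounting packet and confirm that it carries the expected START or STOP flag and that both ends hold the same Shared Secret. The sketch below follows the TACACS+ packet layout in RFC 8907; the function names, secret, user name, addresses, and arguments are constructed for illustration.

```python
import hashlib
import struct

# Values from RFC 8907; the packet built below is constructed sample data.
TAC_PLUS_ACCT, TAC_PLUS_UNENCRYPTED_FLAG = 0x03, 0x01
ACCT_FLAGS = {0x02: "TAC_PLUS_ACCT_FLAG_START", 0x04: "TAC_PLUS_ACCT_FLAG_STOP"}

def obfuscate(body, secret, session_id, version, seq_no):
    """XOR the body with the MD5 pad derived from the shared secret (symmetric)."""
    seed = struct.pack("!I", session_id) + secret + bytes([version, seq_no])
    pad, block = b"", b""
    while len(pad) < len(body):
        block = hashlib.md5(seed + block).digest()
        pad += block
    return bytes(b ^ p for b, p in zip(body, pad))

def build_acct_request(secret, session_id, flags, user, port, rem_addr, args):
    """Hypothetical helper: build a sample accounting REQUEST for the parser."""
    fields = [user, port, rem_addr]
    # flags, authen_method, priv_lvl, authen_type, authen_service, then lengths
    body = bytes([flags, 0x06, 0x01, 0x01, 0x01]) + bytes(len(f) for f in fields)
    body += bytes([len(args)]) + bytes(len(a) for a in args)
    body += b"".join(fields) + b"".join(args)
    header = struct.pack("!BBBBII", 0xC0, TAC_PLUS_ACCT, 1, 0, session_id, len(body))
    return header + obfuscate(body, secret, session_id, 0xC0, 1)

def parse_acct_request(packet, secret):
    """Decode one accounting REQUEST; raise ValueError if it does not parse."""
    version, ptype, seq_no, hflags, session_id, length = struct.unpack(
        "!BBBBII", packet[:12])
    body = packet[12:]
    if ptype != TAC_PLUS_ACCT or length != len(body) or length < 9:
        raise ValueError("not a well-formed TACACS+ accounting packet")
    if not hflags & TAC_PLUS_UNENCRYPTED_FLAG:
        body = obfuscate(body, secret, session_id, version, seq_no)
    arg_cnt = body[8]
    lens = list(body[5:8]) + list(body[9:9 + arg_cnt])
    if 9 + arg_cnt + sum(lens) != len(body):
        raise ValueError("length mismatch: wrong shared secret or corrupt packet")
    values, pos = [], 9 + arg_cnt
    for n in lens:
        values.append(body[pos:pos + n].decode("utf-8", "replace"))
        pos += n
    return {"session_id": session_id, "record": ACCT_FLAGS.get(body[0], hex(body[0])),
            "user": values[0], "port": values[1], "rem_addr": values[2], "args": values[3:]}

SECRET = b"constructed-secret"  # sample value, not a real key
START = build_acct_request(SECRET, 0x1234, 0x02, b"admin", b"https",
                           b"192.0.2.10", [b"task_id=1", b"service=shell"])
```

A packet that fails the length check after de-obfuscation is the typical symptom of a Shared Secret mismatch between the client and the accounting server.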
