Cisco TACACS + Sireletsehile Network Analytics

Selelekela

Terminal Access Controller Access-Control System (TACACS+) is a protocol that supports authentication and authorization services and allows a user to access multiple applications with one set of credentials. Use the following instructions to configure TACACS+ for Cisco Secure Network Analytics (formerly Stealth watch).

Bamameli
The intended audience for this guide includes network administrators and other personnel who are responsible for installing and configuring Secure Network Analytics products. If you prefer to work with a professional installer, please contact your local Cisco Partner or contact Cisco Support.

Terminology
This guide uses the term “appliance” for any Secure Network Analytics product, including virtual products such as the Cisco Secure Network Analytics Flow Sensor Virtual Edition. A “cluster” is your group of Secure Network Analytics appliances that are managed by the Cisco Secure Network Analytics Manager (formerly Steal thwatch Management Console or SMC).

In v7.4.0 we rebranded our Cisco Stealth watch Enterprise products to Cisco Secure Network Analytics. For a complete list, refer to the Release Notes. In this guide, you will see our former product name Stealth watch, used whenever necessary to maintain clarity, as well as terminology such as Stealth watch Management Console and SMC.

Ho lumellana
For TACACS+ authentication and authorization, make sure all users log in through the Manager. To log in to an appliance directly and use the Appliance Administration, log in locally. The following features are not available when TACACS+ is enabled: FIPS, Compliance Mode.

Tsamaiso ea Karabelo
Taolo ea Likarabo e hlophisitsoe ho Motsamaisi oa hau. Ho fumana litemoso tsa lengolo-tsoibila, litlaleho tse hlophisitsoeng, joalo-joalo etsa bonnete ba hore mosebelisi o lokiselitsoe joalo ka mosebelisi oa lehae ho Motsamaisi. Eya ho Configure > Detection > Taolo ea Karabo, 'me u lebise ho Thuso bakeng sa litaelo.

Failover
Ka kopo ela hloko lintlha tse latelang haeba u hlophisitse Batsamaisi ba hau e le sehlopha se sa sebetseng hantle:

• TACACS+ is only available on the primary Manager. TACACS+ is not supported on the secondary Manager.
• If TACACS+ is configured on the primary Manager, the TACACS+ user information is not available on the secondary Manager. Before you can use configured external authentication services on a secondary Manager, you need to promote the secondary Manager to primary.
• If you promote the secondary Manager to primary:
• Enable TACACS+ and remote authorization on the secondary Manager.
• Any external users logged into the demoted primary Manager will be logged out.
• The secondary Manager does not retain user data from the primary Manager, so any data saved on the primary Manager is not available on the new (promoted) primary Manager.
• Once the remote user logs in to the new primary Manager for the first time, the user directories will be created and the data is saved going forward.
• Review Litaelo tsa Failover: Bakeng sa tlhaiso-leseling e batsi, sheba Tataiso ea Tlhophiso ea Failover.

Tokisetso

You can configure TACACS+ on Cisco Identity Services Engine (ISE). We recommend using Cisco Identity Services Engine (ISE) for centralized authentication and authorization. However, you can also deploy a standalone TACACS+ server or integrate any other compatible authentication server according to your specific requirements.

Etsa bonnete ba hore u na le tsohle tseo u li hlokang ho qala tlhophiso.

Tlhokahalo	Lintlha
Cisco Identity Services Engine (ISE)	Install and configure ISE using the instructions in the ISE documentation for your engine.You will need the IP address, port, and shared secret key for the configuration. You will also need the Device Administration license.
TACACS + Seva	U tla hloka aterese ea IP, boema-kepe, le senotlolo se arolelanoang sa lekunutu bakeng sa tlhophiso.
Moreki oa Desktop	You will use the Desktop Client for this configuration if you want to use custom desktop roles. To install the Desktop Client, refer to the Cisco Sireletsehile Network Analytics Tataiso ea Tlhophiso ea Sistimi that matches your Secure Network Analytics version.

Likarolo tsa Basebelisi li Fetileview

Tataiso ena e kenyelletsa litaelo tsa ho lokisa basebelisi ba TACACS+ bakeng sa netefatso le tumello ea hole. Pele o qala tlhophiso, review lintlha tse karolong ena ho netefatsa hore u lokisa basebelisi ba hau ka nepo.

Ho lokisa Mabitso a Basebelisi
Bakeng sa netefatso e hole le tumello, o ka hlophisa basebelisi ba hau ho ISE. Bakeng sa netefatso le tumello ea lehae, lokisa basebelisi ba hau ho Motsamaisi.

• Remote: To configure your users in ISE, follow the instructions in this configuration guide.
• Local: To configure your users locally only, log in to the Manager. From the main menu, select Configure > Global > User Management. Select Help for instructions.

Mabitso a Mabitso a Mabitso a Basebelisi
Ha o lokisa basebelisi ba hole, lumella case-sensitivity ho seva e hole. Haeba u sa khone ho utloisisa boemo ho seva se hole, basebelisi ba kanna ba se khone ho fihlella data ea bona ha ba kena ho Secure Network Analytics.

Mabitso a Phethahetseng

• Whether you configure user names remotely (in ISE) or locally (in the Manager), make sure all user names are unique. We do not recommend duplicating user names across remote servers and Secure  Network Analytics.
• Haeba mosebelisi a kena ho Mookameli, 'me a na le lebitso le tšoanang la mosebelisi le hlophisitsoeng ho Secure Network Analytics le ISE, ba tla fihlella data ea bona ea Mookameli / Secure Network Analytics feela. Ha ba khone ho fihlella data ea bona e hole ea TACACS+ haeba lebitso la bona la mosebelisi le kopitsoe.

Liphetolelo tsa Pele

• If you’ve configured TACACS+ in an earlier version of Cisco Secure Network Analytics (Steal thwatch v7.1.1 and earlier), make sure you create new users with unique names for v7.1.2 and later. We do not recommend using or duplicating the user names from earlier versions of Secure Network Analytics.
• Ho tsoela pele ho sebelisa mabitso a basebelisi a entsoeng ho v7.1.1 le pejana, re khothaletsa ho a fetola hore e be a sebakeng sa heno feela ho Mookameli oa hau oa mantlha le Client ea Desktop. Sheba ho Thuso bakeng sa litaelo.

Ho lokisa Lihlopha tsa Boitsebiso le Basebelisi
Bakeng sa ho kena ka tumello ea mosebelisi, u tla etsa 'mapa oa shell profiles ho basebelisi ba hau. Bakeng sa pro e 'ngoe le e' ngoe ea khetlafile, o ka abela karolo ea Mookameli oa Mathomo kapa oa theha motsoako oa likarolo tseo e seng tsa batsamaisi. Haeba u abela karolo ea Tsamaiso ea Mathomo ho pro shellfile, ha ho likarolo tse ling tse lumelloang. Haeba o theha motsoako oa likarolo tseo e seng tsa admin, etsa bonnete ba hore e fihlela litlhoko.

Karolo ea Tsamaiso ea mantlha
Primary Admin can view ts'ebetso eohle le ho fetola eng kapa eng. Haeba u abela karolo ea Tsamaiso ea Mathomo ho pro shellfile, ha ho likarolo tse ling tse lumelloang.

Karolo	Boleng ba Tšobotsi
Primary Admin	cisco-stealth watch-master-admin

Motsoako oa Likarolo tseo e seng tsa Tsamaiso
Haeba u theha motsoako oa likarolo tseo e seng tsa admin bakeng sa pro shell ea haufile, etsa bonnete ba hore e kenyelletsa tse latelang:

• 1 Data role (only)
• 1 kapa ho feta Web karolo
• Karolo e 1 kapa ho feta ea Desktop Client

Bakeng sa lintlha tse ling, sheba lethathamo la Litšobotsi tsa Litšobotsi.

Haeba u abela karolo ea Tsamaiso ea Mathomo ho pro shellfile, ha ho likarolo tse ling tse lumelloang. Haeba o theha motsoako oa likarolo tseo e seng tsa admin, etsa bonnete ba hore e fihlela litlhoko.

Litšoaneleho tsa Botho
Ho fumana lintlha tse ling mabapi le karolo e 'ngoe le e 'ngoe ea karolo, tobetsa sehokelo sa Likarolo Tse Hlokehang kholomong.

Required Roles	Boleng ba Tšobotsi
1 Data role (only)	cisco-stealth watch-all-data-read-and-write cisco-stealth watch-all-data-read-only
1 kapa ho feta Web karolo	cisco-stealth watch-configuration-manager cisco-stealth watch-power-analyst cisco-stealth watch-analyst
Karolo e 1 kapa ho feta ea Desktop Client	cisco-stealth watch-desktop-stealth watch-power-user cisco-stealth watch-desktop-configuration-manager cisco-stealth watch-desktop-network-engineer cisco-stealth watch-desktop-security-analyst

Kakaretso ea Likarolo
Re fane ka kakaretso ea karolo ka 'ngoe litafoleng tse latelang. Bakeng sa tlhaiso-leseling e batsi mabapi le likarolo tsa basebelisi ho Secure Network Analytics, review leqephe la Tsamaiso ea Basebelisi ho Thuso.

Likarolo tsa Boitsebiso
Etsa bonnete ba hore u khetha karolo e le 'ngoe feela ea data.

Karolo ea data	Litumello
Lintlha kaofela (Bala Feela)	Mosebedisi a ka view data sebakeng sefe kapa sefe kapa sehlopha sa moamoheli, kapa sesebelisoa kapa sesebelisoa, empa ha e khone ho etsa litlhophiso.
Lintlha Tsohle (Bala & Ngola)	Mosebedisi a ka view le ho lokisa data sebakeng sefe kapa sefe kapa sehlopha sa moamoheli, kapa sesebelisoa kapa sesebelisoa sefe kapa sefe.

Ts'ebetso e khethehileng (ho batla ho phalla, tsamaiso ea maano, lihlopha tsa marang-rang, joalo-joalo) tseo mosebedisi a ka li khonang view le/kapa tlhophiso e laolwa ke ya mosebedisi web karolo.

Web Likarolo

Web Karolo	Litumello
Mohlahlobi oa Matla	Power Analyst a ka etsa lipatlisiso tsa pele mabapi le sephethephethe le phallo hammoho le ho lokisa maano le lihlopha tse amohelang baeti.
Motsamaisi oa Tlhophiso	Motsamaisi oa Litlhophiso a ka view tshebetso e amanang le tlhophiso.
Mohlahlobi	Mohlahlobi a ka etsa lipatlisiso tsa pele mabapi le sephethephethe le phallo.

Likarolo tsa Bareki ba Desktop

Web Karolo	Litumello
Motsamaisi oa Tlhophiso	Motsamaisi oa Litlhophiso a ka view lintho tsohle tsa menu le ho lokisa lisebelisoa tsohle, lisebelisoa, le litlhophiso tsa domain.
Moenjiniere oa Marang-rang	Moenjiniere oa Marang-rang a ka khona view lintho tsohle tse amanang le sephethephethe ka har'a Desktop Client, kenya alamo le lintlha tsa moamoheli, 'me u etse liketso tsohle tsa alamo, ntle le ho fokotsa.
Mohlahlobi oa Tšireletso	The Security Analyst a ka view lintho tsohle tsa menu tse amanang le ts'ireletso, kenya alamo le lintlha tsa moamoheli, 'me u etse liketso tsohle tsa alamo, ho kenyeletsoa ho fokotsa.
Sireletsa Mosebelisi oa Matla a Network Analytics	Secure Network Analytics Power User a ka view lintho tsohle tsa menu, amohela lialamo, 'me u kenye alamo le lintlha tsa moamoheli, empa ntle le matla a ho fetola letho.

Ts'ebetso e Felletseview

U ka hlophisa Cisco ISE ho fana ka TACACS +. Ho atleha ho lokisa litlhophiso tsa TACACS+ le ho fana ka tumello ea TACACS+ ho Secure Network Analytics, etsa bonnete ba hore u tlatsa mekhoa e latelang:

Configure TACACS+ in ISE
Sebelisa litaelo tse latelang ho lokisa TACACS+ ho ISE. Tokiso ena e thusa basebelisi ba hau ba hole ba TACACS+ ho ISE ho kena ho Secure Network Analytics.

Pele o Qala
Pele o qala litaelo tsena, kenya le ho lokisa ISE o sebelisa litaelo tse tokomaneng ea ISE bakeng sa enjine ea hau. Sena se kenyelletsa ho netefatsa hore litifikeiti tsa hau li setiloe ka nepo.

Mabitso a basebelisi

• Hore na o lokisa mabitso a basebelisi u le hole (ho ISE) kapa sebakeng sa heno (ho Motsamaisi), etsa bonnete ba hore mabitso ohle a basebelisi aa ikhetha. Ha re khothaletse ho kopitsa mabitso a basebelisi ho li-server tse hole le Sireletsehile Network Analytics.
• Duplicated User Names: If a user logs in to the Manager, and they have the same user name configured in Secure Network Analytics and ISE, they will only access their local Manager/Secure Network
• Analytics data. They cannot access their remote TACACS+ data if their user name is duplicated.
• Mabitso a Mabitso a Basebelisi: Ha o lokisa basebelisi ba hole, etsa hore ho be le kutloisiso ho seva se hole. Haeba u sa khone ho utloisisa boemo ho seva se hole, basebelisi ba kanna ba se khone ho fihlella data ea bona ha ba kena ho Secure Network Analytics.

Likarolo tsa Basebelisi
Bakeng sa setsebi se seng le se seng sa TACACS+file ho ISE, o ka abela karolo ea Mookameli oa Mathomo kapa oa theha motsoako oa likarolo tseo e seng tsa batsamaisi.

Haeba u abela karolo ea Tsamaiso ea Mathomo ho pro shellfile, ha ho likarolo tse ling tse lumelloang. Haeba o theha motsoako oa likarolo tseo e seng tsa admin, etsa bonnete ba hore e fihlela litlhoko. Bakeng sa tlhaiso-leseling e batsi mabapi le likarolo tsa basebelisi, sheba ho User Roles Overview.

Enable Device Administration in ISE
Sebelisa litaelo tse latelang ho kenya ts'ebeletso ea TACACS+ ho ISE.

1. Log in to your ISE as an admin.
2. Select Work Centers > Device Administration > Overview.
   If Device Administration is not shown in Work Centers, go to Administration System > Licensing. In the Licensing section, confirm the Device Administration License is shown. If it is not shown, add the license to your account.
3.  Select Deployment.
4. Select All Policy Service Nodes or Specific Nodes.
5. In the TACACS Ports field, enter 49.
6. Tobetsa Boloka.

 Create TACACS+ Profiles
Sebelisa litaelo tse latelang ho kenya TACACS+ shell profiles ho ISE. U tla boela u sebelise litaelo tsena ho fana ka likarolo tse hlokahalang ho pro shellfile.

1. Select Work Centers > Device Administration > Policy Elements.
2. Select Results > TACACS Profiles.
3. Tobetsa Add.
4. In the Name field, enter a unique user name.
   Bakeng sa lintlha tse mabapi le mabitso a basebelisi sheba ho User Roles Overview.
5. In the Common Task Type drop-down, select Shell.
6. In the Custom Attributes section, click Add.
7. In the Type field, select Mandatory.
8. In the Name field, enter role.
9. In the Value field, enter the attribute value for Primary Admin or build a combination of non-admin roles.
   • Save: Click the Check icon to save the role.
   • Combination of Non-Admin Roles: If you create a combination of non-admin roles, repeat steps 5 through 8 until you have added a row for each required role (Data role, Web karolo, le karolo ea Client ea Desktop).

Karolo ea Tsamaiso ea mantlha
Primary Admin can view ts'ebetso eohle le ho fetola eng kapa eng. Haeba u abela karolo ea Tsamaiso ea Mathomo ho pro shellfile, ha ho likarolo tse ling tse lumelloang.

Karolo	Boleng ba Tšobotsi
Primary Admin	cisco-stealth watch-master-admin

Motsoako oa Likarolo tseo e seng tsa Tsamaiso

Haeba u theha motsoako oa likarolo tseo e seng tsa admin bakeng sa pro shell ea haufile, etsa bonnete ba hore e kenyelletsa tse latelang:

• 1 Data role (only): make sure you select only one data role
• 1 kapa ho feta Web karolo
• Karolo e 1 kapa ho feta ea Desktop Client

Required Roles	Boleng ba Tšobotsi
1 Data role (only)	cisco-stealth watch-all-data-read-and-write cisco-stealth watch-all-data-read-only
1 kapa ho feta Web karolo	cisco-stealth watch-configuration-manager cisco-stealth watch-power-analyst cisco-stealth watch-analyst
Karolo e 1 kapa ho feta ea Desktop Client	cisco-stealth watch-desktop-stealth watch-power-user cisco-stealth watch-desktop-configuration-manager cisco-stealth watch-desktop-network-engineer cisco-stealth watch-desktop-security-analyst

Haeba u abela karolo ea Tsamaiso ea Mathomo ho pro shellfile, ha ho likarolo tse ling tse lumelloang. Haeba o theha motsoako oa likarolo tseo e seng tsa admin, etsa bonnete ba hore e fihlela litlhoko.

Tobetsa Boloka.

1. Repeat the steps in 2. Create TACACS+ Profiles to add any additional TACACS+ shell profiles ho ISE.

Pele o tsoela pele ho 3. Map Shell Profiles ho Lihlopha kapa Basebelisi, u hloka ho theha Basebelisi, Sehlopha sa Boitsebiso ba Basebelisi (boikhethelo), le lihlopha tsa litaelo tsa TACACS+. Bakeng sa litaelo tsa mokhoa oa ho theha Basebelisi, Sehlopha sa Boitsebiso ba Basebelisi, le li-TACACS+ litaelo, sheba litokomane tsa ISE bakeng sa enjine ea hau.

 Map Shell Profiles ho Lihlopha kapa Basebelisi
Sebelisa litaelo tse latelang ho etsa 'mapa oa pro shell ea haufiles ho melao ea hau ea tumello.

1. Select Work Centers > Device Administration > Device Admin Policy Sets.
2. Locate your policy set name. Click the Arrow icon.
3. Locate your authorization policy. Click theArrow icon.
4. Click the + Plus icon.
5. In the Conditions field, click the + Plus icon. Configure the policy conditions.
   • User Identity Group: If you have configured a user identity group, you can create a condition such as “Internal User.Identity Group”.
     Bakeng sa mohlalaample, “Internal User. Identity Group EQUALS <Group Name>” to match a specific user identity group.
   • Individual User: If you have configured an individual user, you can create a condition such as “Internal User. Name”.
     Bakeng sa mohlalaample, “Internal User. Name EQUALS <User Name>” to match a specific user.
     Help: For Conditions Studio instructions, click the ? Help icon.
6. In the Shell Profiles, khetha shell profile o entse ka 2. Theha TACACS+ Profiles.
7. Repeat the steps in 3. Map Shell Profiles ho Lihlopha kapa Basebelisi ho fihlela u entse 'mapa oa likhetla tsohlefiles ho melao ea hau ea tumello.

Add Secure Network Analytics as a Network Device

1. Select Administration > Network Resources > Network Devices.
2. Select Network Devices, click +Add.
3. Complete the information for your primary Manager, including the following fields:
   • Name: Enter the name of your Manager.
   • IP Address: Enter the Manager IP address.
   • Shared Secret: Enter the shared secret key.
4. Tobetsa Boloka.
5. Confirm the network device is saved to the Network Devices list.
6. Go to 2. Enable TACACS+ Authorization in Secure Network Analytics.

Enable TACACS+ Authorization in Secure

Network Analytics
Sebelisa litaelo tse latelang ho kenya seva ea TACACS+ ho Secure Network Analytics le ho lumella tumello ea hole.
Ke Mookameli oa Pele feela ea ka kenyang seva sa TACACS+ ho Secure Network Analytics.
O ka eketsa seva e le 'ngoe feela ea TACACS+Tshebeletsong ea netefatso ea TACACS+.

1. Kena ho Motsamaisi oa hau oa mantlha.
2. From the main menu, select Configure > Global > User Management.
3. Click the Authentication and Authorization tab.
4. Click Create. Select Authentication Service.
5. Click the Authentication Service drop-down. Select TACACS+.
6. Complete the fields:
   

   Tšimo	Lintlha
   Authentication Service
   Lebitso	Kenya lebitso le ikhethileng ho tsebahatsa seva.
   Tlhaloso	Kenya tlhaloso e hlalosang hore na seva e sebelisoa joang kapa hobaneng.
   Nako ea Cache (Metsotsoana)	Nako ea nako (ka metsotsoana) eo lebitso la mosebedisi kapa password e nkoang e sebetsa pele Sireletsehile Network Analytics e hloka ho kenngoa hape ha boitsebiso.
   Sehlongoapele	Sebaka sena ke boikhethelo. Khoele ea pele e behiloe qalong ea lebitso la mosebelisi ha lebitso le romelloa ho seva sa RADIUS kapa TACACS+. Bakeng sa mohlalaample, if the user name is zoe and the realm prefix is DOMAIN-

   	A\, the user name DOMAIN-A\zoe is sent to the server. If you do not configure the Prefix field, only the user name is sent to the server.
   Sehlongoamane	Sebaka sena ke boikhethelo. Khoele ea suffix e behiloe qetellong ea lebitso la mosebelisi. Bakeng sa mohlalaample, if the suffix is  mydomain.com, the username zoe@mydomain.com is sent to the TACACS+ server. If you do not configure the Suffix field, only the user name is sent to the server.
   Seva
   IP Aterese	Sebelisa liaterese tsa IPv4 kapa IPv6 ha u lokisa lits'ebeletso tsa netefatso.
   Boema-kepe	Kenya linomoro leha e le life ho tloha ho 0 ho isa ho 65535 tse lumellanang le boema-kepe bo sebetsang.
   Senotlolo sa Lekunutu	Kenya senotlolo sa lekunutu se neng se etselitsoe seva se sebetsang.

7.  Tobetsa Boloka.
   The new TACACS+ server is added, and information for the server displays.
8.  Click the Actions menu for the TACACS+ server.
9. Select Enable Remote Authorization from the drop-down menu.
10. Follow the on-screen prompts to enable TACACS+.

Test Remote TACACS+ User Login
Sebelisa litaelo tse latelang ho kena ho Mookameli. Bakeng sa tumello ea TACACS+ e hole, etsa bonnete ba hore basebelisi bohle ba kena ka Motsamaisi.

To log in to an appliance directly and use the Appliance Administration, log in locally.

1. In the address field of your browser, type the following: https://followed by the IP address of your Manager.
2. Enter the user name and password of a remote TACACS+ user.
3. Haeba mosebelisi a sa khone ho kena ho Motsamaisi, review karolo ea Tharollo ea Mathata.

Ho batle phoso

Haeba u kopana le e 'ngoe ea maemo ana a ho rarolla mathata, ikopanye le molaoli oa hau ho boelaview tlhophiso le litharollo tseo re faneng ka tsona mona. Haeba mookameli oa hau a sa khone ho rarolla mathata, ka kopo ikopanye le Cisco Support.

Scenarios

Boemo	Lintlha
A specific TACACS+ user cannot log in	Review the Audit Log for user login failure with Illegal Mappings or Ha e sebetse Combination of Roles. This can happen if the identity group shell profile includes Primary Admin and additional roles, or if the combination of non-admin roles does not meet the requirements. Refer to Likarolo tsa Basebelisi Fetileview bakeng sa lintlha.  Make sure the TACACS+ user name is not the same as a local (Secure Network Analytics) user name. Refer to Likarolo tsa Basebelisi li Fetileview bakeng sa lintlha.
Basebelisi bohle ba TACACS+ ha ba khone ho kena	Check the TACACS+ configuration in Secure Network Analytics.  Check the configuration on the TACACS+ server.  Make sure the TACACS+ server is running.  Make sure the TACACS+ service is enabled in Secure Network Analytics:  There can be multiple authentication servers defined, but only one can be enabled for authorization. Refer to 2. Enable TACACS+ Authorization in Sireletsehile Network Analytics bakeng sa lintlha.  To enable authorization for a specific TACACS+ server, refer to 2. Thusa TACACS+ Authorization in Secure Network Analytics bakeng sa lintlha.

Ha mosebelisi a kena, a ka fihlella Mookameli feela sebakeng sa heno

If a user exists with the same user name in Secure Network Analytics (local) and the TACACS+ server (remote), the local login overrides the remote login. Refer to Likarolo tsa Basebelisi li Fetileview bakeng sa lintlha.

Ho ikopanya le Tšehetso
Haeba o hloka tšehetso ea tekheniki, ka kopo etsa e 'ngoe ea tse latelang:

• Ikopanye le Cisco Partner ea hau ea lehae
• Ikopanye le Cisco Support
• Ho bula nyeoe ka web: http://www.cisco.com/c/en/us/support/index.html
• Bakeng sa tšehetso ea mohala: 1-800-553-2447 (US)
• Bakeng sa linomoro tsa tšehetso lefatšeng ka bophara: https://www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-contacts.html

Fetola Histori

Tokomane Version	Letsatsi la Phatlalatso	Tlhaloso
1_0	La 21 Phato 2025	Mofuta oa pele.

Litaba tsa Copyright
Cisco le logo ea Cisco ke matšoao a khoebo kapa matšoao a ngolisitsoeng a Cisco le/kapa mafapha a eona a US le linaheng tse ling. Ho view lethathamo la matšoao a khoebo a Cisco, e ea ho sena URL: https://www.cisco.com/go/trademarks. Matshwao a kgwebo a motho wa boraro a boletsweng ke thepa ya beng ba ona. Tšebeliso ea lentsoe molekane ha e bolele kamano ea tšebelisano pakeng tsa Cisco le k'hamphani efe kapa efe. (1721R)

© 2025 Cisco Systems, Inc. le/kapa mekhatlo e amanang le eona. Litokelo tsohle li sirelelitsoe.

LBH

Can TACACS+ be used with Compliance Mode enabled?

No, TACACS+ authentication and authorization do not support Compliance Mode. Ensure Compliance Mode is disabled when using TACACS+.

Litokomane / Lisebelisoa

Cisco TACACS + Sireletsehile Network Analytics [pdf] Bukana ea Mosebelisi 7.5.3, TACACS Secure Network Analytics, TACACS, Secure Network Analytics, Network Analytics, Analytics

Litšupiso

• Bukana ea Mosebelisi