Configure TACACS on a New Catalyst Switch

Part 1: Switch Configuration

·         Remote into the switch you want to put TACACS on and enter the global configuration mode

o   Your prompt should look like BLDG_000 (config)# in global config mode

·         Paste the TACACS configuration commands in parts, as defined by the blocks

o   Commands can be found on SharePoint here:

§  Services\Routing & Switching\Documents\TACACS.txt

o   When you paste in a block of commands, press enter to make sure the line is clear

·         Once done, save the configuration and the switch setup is done

Part 2: ISE Configuration

·         Log into ise-pri.mclennan.edu on your browser using your admin.user account

·         Navigate to the Network Devices page using the menu from the three bars in the top left

o   This is found on the Administration tab, under the Network Resources section

·         Once on Network Devices, click Add to add the new device

·         In the New Network Device menu, apply the following settings:

o   Name: Hostname of the switch you’re adding

o   Description: Can be left blank

o   IP Address: IP address of the switch you’re adding

o   Device Profile: Cisco

o   Model Name: 9200l-48P-4X

o   Software Version: Leave blank

o   Location: All Locations

o   IPSEC: No

o   Device Type: Cisco Switch

o   RADIUS Authentication Settings: Unchecked

o   TACACS Authentication Settings: Checked

§  Shared Secret: Key Value from TACACS.txt

·         Don’t include the word “key”, just the following word

§  Enable Single Connect Mode: Checked

·         Legacy Cisco Device: Selected

o   SNMP Settings: Unchecked

o   Advanced TrustSec Settings: Unchecked

·         Once configured, scroll to the bottom and click Submit

·         From here, test functionality by attempting to SSH using your AD admin account
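
Added example (not part of the original procedure or of TACACS.txt): a Python check that reads a pasted tacacs server block and returns the Shared Secret value to enter in ISE, without the word “key”, plus whether single-connection is set on the switch side. It assumes TACACS.txt uses the IOS-XE "tacacs server" block syntax; the server name, address and key in the sample are constructed placeholders.

```python
import re

# Constructed sample in the shape of an IOS-XE "tacacs server" block.
# Server name, address and key are placeholders, not values from TACACS.txt.
SAMPLE_BLOCK = """\
tacacs server ISE-EXAMPLE
 address ipv4 192.0.2.10
 key ExampleSharedSecret
 single-connection
"""

# Matches "key <secret>" or "key <0|6|7> <string>".
# Type 0 (or no type) is cleartext; types 6 and 7 are stored in encrypted or
# obfuscated form, so the string after them is not the secret ISE expects.
KEY_LINE = re.compile(r"^\s*key\s+(?:(?P<type>[067])\s+)?(?P<value>\S+)\s*$")


def ise_fields_from_block(text):
    """Return one dict per 'tacacs server' block with the values ISE needs."""
    results, current = [], None
    for line in text.splitlines():
        words = line.split()
        if words[:2] == ["tacacs", "server"] and len(words) == 3:
            current = {"server": words[2], "key_type": None,
                       "shared_secret": None, "single_connect": False}
            results.append(current)
        elif not line.startswith(" "):
            current = None  # unindented or blank line: left the server sub-mode
        elif current is not None:
            match = KEY_LINE.match(line)
            if match:
                key_type = match.group("type") or "0"
                current["key_type"] = key_type
                # Only a cleartext key can be typed into the Shared Secret field.
                if key_type == "0":
                    current["shared_secret"] = match.group("value")
            elif words == ["single-connection"]:
                current["single_connect"] = True
    return results


if __name__ == "__main__":
    for entry in ise_fields_from_block(SAMPLE_BLOCK):
        usable = entry["shared_secret"] is not None
        print(entry["server"], "cleartext key found:", usable,
              "single-connection:", entry["single_connect"])
```

A result with shared_secret set to None and key_type 6 or 7 means the block holds the stored form of the key, so the cleartext secret has to come from wherever it is kept rather than from that line.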