Technical Tip: TACACS+ Configuration
Description
This article describes how to configure Network Sentry to work in a TACACS+ environment.
Scope
FortiNAC.
Solution
- All switch models in Network Sentry have to be configured with a Super User and Password.
- The enable password has to be removed in all switch models in Network Sentry.
- The switches have to be configured so that the Super User is placed directly into enable mode at login, without being prompted for an enable password.
If global configuration is used, then:
- Fully test on one switch prior to doing mass implementation.
- Do a database backup on Network Sentry prior to the change so that a restore of the database will restore all switches to the previous configuration.
- Use the global configuration to push Username and Password changes.
- Have a back-out script that can run on all hardware switches to reverse the password configuration changes and the TACACS+ configuration if needed.
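
A pre-rollout check for the switch-side requirement above, as an added example that is not part of the original article or of FortiNAC. It assumes Cisco IOS configuration syntax (the article names no vendor), that the TACACS+ server returns privilege level 15 for the Super User, and uses constructed sample configs and hypothetical function names.

```python
import re

# Constructed sample config in Cisco IOS syntax (assumed; the article names no vendor).
READY = """\
aaa new-model
aaa group server tacacs+ NAC-TAC
 server name TAC1
aaa authentication login default group NAC-TAC local
aaa authorization exec default group NAC-TAC local
tacacs server TAC1
 address ipv4 192.0.2.10
"""
# Same switch without exec authorization: the server's privilege level is not
# applied at login, so the Super User would not land in enable mode.
NOT_READY = READY.replace("aaa authorization exec default group NAC-TAC local\n", "")

def tacacs_groups(config):
    """Method-list group names that resolve to TACACS+ servers."""
    named = re.findall(r"^aaa group server tacacs\+ (\S+)", config, re.M)
    return {"tacacs+", *named}

def uses_tacacs(config, prefix):
    """True if a method list starting with `prefix` references a TACACS+ group."""
    groups = tacacs_groups(config)
    for line in config.splitlines():
        if line.startswith(prefix):
            if any(g in groups for g in re.findall(r"\bgroup (\S+)", line)):
                return True
    return False

def audit(config):
    """Return the prerequisites missing from one switch configuration."""
    missing = []
    if not re.search(r"^aaa new-model\s*$", config, re.M):
        missing.append("aaa new-model")
    if not re.search(r"^(tacacs server \S+|tacacs-server host \S+)", config, re.M):
        missing.append("tacacs server definition")
    if not uses_tacacs(config, "aaa authentication login "):
        missing.append("login authentication via TACACS+")
    if not uses_tacacs(config, "aaa authorization exec "):
        missing.append("exec authorization via TACACS+")
    return missing

def audit_fleet(configs):
    """Map switch name -> missing items, listing only switches that are not ready."""
    results = {name: audit(cfg) for name, cfg in configs.items()}
    return {name: miss for name, miss in results.items() if miss}
```

Running `audit_fleet` over saved configurations before the global push lists the switches that would leave the Super User outside enable mode.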
