TACACS+ authorization overview

Upon successful user authentication, the user is identified as having either an Administrator or Operator role.

At a minimum, TACACS+ authorization provides the following:

  • Administrators are given access to every command.

  • Operators are given access to only nonconfiguration commands (primarily show commands and only for nonsensitive information).

Optionally, TACACS+ authorization provides further filtering to allow/disallow individual command or command set execution. Each command is sent to the TACACS+ server for approval, and the switch then allows/disallows command execution according to the server response.


TACACS+ authorization applies only to the CLI interface.