portnox/portnox-tacacs
Docker image to run Portnox TACACS+ server in a container. The container receives TACACS+ messages, communicates with Clear cloud services over an encrypted TLS connection, and responds based on policies defined in Portnox Cloud.
Changes
Starting with 1.1.50, the portnox/portnox-tacacs Docker image replaces portnox/local-tacacs. Besides the name change, the new image implements token-based authentication, which makes it easier to run the TACACS+ server in a cloud environment. The new image also no longer requires the --container-mode parameter; see below.
Known Limitations
Due to limitations of the TACACS+ protocol, it is recommended that communication between the NAS (switches, routers, firewalls, etc.) and the Portnox TACACS+ container be encapsulated inside a VPN tunnel to avoid NAT traversal issues.
Run using Docker Engine
Log in to Clear, go to Settings, and in the SERVICES section click LOCAL TACACS+ SERVICE. Click a profile to copy the environment variables required to run the portnox-tacacs container.
Host network mode should be used when running the container with Docker Engine. Because host network mode is supported on Linux hosts only, Portnox does not support running the TACACS+ container on Windows and macOS.
docker run -d --network host -p 49:49 --name portnox-tacacs --restart=on-failure \
    -e TACACS_GATEWAY_PROFILE=$TACACS_GATEWAY_PROFILE \
    -e TACACS_GATEWAY_ORG_ID=$TACACS_GATEWAY_ORG_ID \
    -e TACACS_GATEWAY_TOKEN=$TACACS_GATEWAY_TOKEN \
    portnox/portnox-tacacs:latest
It is also possible to pass the token in a file. Mount the file into the container as a volume and set the TACACS_GATEWAY_TOKEN variable to the file's path inside the container:
docker run -d --network host -p 49:49 --name portnox-tacacs --restart=on-failure \
    -e TACACS_GATEWAY_PROFILE=$TACACS_GATEWAY_PROFILE \
    -e TACACS_GATEWAY_ORG_ID=$TACACS_GATEWAY_ORG_ID \
    -e TACACS_GATEWAY_TOKEN=/mnt/secrets/clear-tacacs-gw-token \
    -v ~/clear-tacacs-gw-token:/mnt/secrets/clear-tacacs-gw-token \
    portnox/portnox-tacacs:latest
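A token passed with -e is stored in the container configuration and shown by docker inspect, so the file-based variant keeps it out of that output. The script below is an added example, not part of the Portnox documentation: it rejects a missing, empty, symlinked or group/world-readable token file and prints the same docker run arguments with the mount made read-only. The function names and the :ro option are assumptions; the page does not say whether the container needs write access to the file.

```shell
#!/usr/bin/env bash
# Added example (not Portnox's code): pre-flight checks for the token-file
# variant of the run command. Function names are assumptions.

IN_CONTAINER_TOKEN=/mnt/secrets/clear-tacacs-gw-token   # path used on the page

# Succeed only for a non-empty regular file with no group/other permission bits.
check_token_file() {
    local f="$1" mode
    if [ -L "$f" ] || [ ! -f "$f" ]; then
        echo "token file missing or not a regular file: $f" >&2; return 1
    fi
    [ -s "$f" ] || { echo "token file is empty: $f" >&2; return 1; }
    mode=$(stat -c '%a' "$f") || return 1       # GNU stat; the page targets Linux hosts
    case "$mode" in
        ?00) ;;                                  # e.g. 600 or 400
        *) echo "mode $mode exposes the token; run: chmod 600 $f" >&2; return 1 ;;
    esac
}

# Print the docker run arguments, one per line, with the token mounted read-only.
build_run_args() {
    local f="$1"
    if [ -z "${TACACS_GATEWAY_PROFILE:-}" ] || [ -z "${TACACS_GATEWAY_ORG_ID:-}" ]; then
        echo "TACACS_GATEWAY_PROFILE and TACACS_GATEWAY_ORG_ID must be set" >&2; return 1
    fi
    check_token_file "$f" || return 1
    printf '%s\n' run -d --network host -p 49:49 --name portnox-tacacs \
        --restart=on-failure \
        -e "TACACS_GATEWAY_PROFILE=$TACACS_GATEWAY_PROFILE" \
        -e "TACACS_GATEWAY_ORG_ID=$TACACS_GATEWAY_ORG_ID" \
        -e "TACACS_GATEWAY_TOKEN=$IN_CONTAINER_TOKEN" \
        -v "$f:$IN_CONTAINER_TOKEN:ro" \
        portnox/portnox-tacacs:latest
}

# Usage (bash):
#   mapfile -t args < <(build_run_args "$HOME/clear-tacacs-gw-token") && docker "${args[@]}"
```

If the image runs as a non-root user, change the file's owner to that UID rather than loosening its mode.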