Configuring TACACS
Server Level Configurations
You can configure the TACACS Server using the following command:
Reference
Command
[no] tacacs-server host <ipv4 | ipv6> [timeout<value> ] [key <value> ] [auth_type (chap |
pap | mschap | login) ] [port <value>] [priority <value> ]
Description
TACACS configuration
Parameters
IPv4 or v6 Address , timeout, key, auth_type, port, priority values
Mode
CONFIG
Example
pbnoscli(config)# tacacs-server host 10.0.0.1
<cr>
auth_type Authentication type, default pap
key Add Key
port TCP port range is <1...65535>, default 49
priority Priority <1..64>, default 1
timeout Transmission timeout interval <0-60>, default 5
pbnoscli(config)# tacacs-server host 10.0.0.1 auth_type
chap chap
login login
mschap mschap
pap pap
pbnoscli(config)# tacacs-server host 10.0.0.1 auth_type pap key key_val port 44 priority 1 timeout 60
pbnoscli(config)#
You can verify the configuration by using the command(s) below:
pbnoscli# show tacacs-sever 10.0.0.1
TACPLUS global auth_type pap (Default)
TACPLUS global passkey <EMPTY_STRING> (Default)
TACPLUS global timeout 5 (Default)
=====================================================================================================================
IP Auth_type Passkey Tcp_port Priority Mgmtvrf Timeout
=====================================================================================================================
10.0.0.1 pap key_val 44 1 N/A 60
pbnoscli#
pbnoscli# show running-config
configure terminal
aaa authentication failthrough disable
aaa authentication fallback disable
aaa authentication login tacacs+
tacacs-server host 10.0.0.1 auth_type pap key key_val port 44 priority 1 timeout 60
interface mgmt
ip address 10.4.4.52/24 gateway 10.4.4.1
!
pbnoscli#
Global TACACS Parameters
To Configure Global TACACS parameters, use the below command:
Reference
Command
[no] tacacs [authtype (chap | pap | mschap | login)] [passkey <value>] [timeout <value>]
Description
TACACS global configuration
Parameters
Timeout, key, auth_type, passkey values
Mode
CONFIG
Example
pbnoscli(config)# tacacs
authtype Configure authentication type, default : pap
passkey Specify TACACS server global passkey, default : <EMPTY_STRING>
timeout Specify TACACS server global timeout <0-60>, default : 5
//configuring authentication type
pbnoscli(config)# tacacs authtype
chap chap
login login
mschap mschap
pap pap
pbnoscli(config)# tacacs authtype pap
//configuring tacacs passkey
pbnoscli(config)# tacacs passkey key_value
//configuring timout value
pbnoscli(config)# tacacs timeout 60
You can verify the configuration by using the command(s) below:
pbnoscli# show tacacs-sever
TACPLUS global auth_type pap
TACPLUS global passkey key_value
TACPLUS global timeout 60
=====================================================================================================================
IP Auth_type Passkey Tcp_port Priority Mgmtvrf Timeout
=====================================================================================================================
10.0.0.1 pap key_val 44 1 N/A 60
pbnoscli#
pbnoscli# show running-config
configure terminal
aaa authentication failthrough disable
aaa authentication fallback disable
aaa authentication login tacacs+
tacacs-server host 10.0.0.1 auth_type pap key key_val port 44 priority 1 timeout 60
tacacs auth_type pap
tacacs passkey key_value
tacacs timeout 60
interface mgmt
ip address 10.4.4.52/24 gateway 10.4.4.1
!
pbnoscli#
Last updated
Was this helpful?