Configuring TACACS

Server Level Configurations

You can configure the TACACS Server using the following command:

Reference

Command	[no] tacacs-server host <ipv4 | ipv6> [timeout<value> ] [key <value> ] [auth_type (chap | pap | mschap | login) ] [port <value>] [priority <value> ]
Description	TACACS configuration
Parameters	IPv4 or v6 Address , timeout, key, auth_type, port, priority values
Mode	CONFIG

Example

 pbnoscli(config)# tacacs-server host 10.0.0.1           
  <cr>
  auth_type             Authentication type, default pap
  key                   Add Key
  port                  TCP port range is <1...65535>, default 49
  priority              Priority <1..64>, default 1
  timeout               Transmission timeout interval <0-60>, default 5
pbnoscli(config)# tacacs-server host 10.0.0.1 auth_type 
  chap                  chap
  login                 login
  mschap                mschap
  pap                   pap
pbnoscli(config)# tacacs-server host 10.0.0.1 auth_type pap key key_val port 44 priority 1 timeout 60
pbnoscli(config)#  

You can verify the configuration by using the command(s) below:

pbnoscli# show tacacs-sever 10.0.0.1
TACPLUS global auth_type pap (Default)
TACPLUS global passkey <EMPTY_STRING> (Default)
TACPLUS global timeout 5 (Default)
=====================================================================================================================
IP              Auth_type       Passkey         Tcp_port        Priority        Mgmtvrf         Timeout        
=====================================================================================================================
10.0.0.1        pap               key_val          44               1              N/A             60             
pbnoscli# 

pbnoscli# show running-config 
configure terminal
aaa authentication failthrough disable
aaa authentication fallback disable
aaa authentication login tacacs+
tacacs-server host 10.0.0.1 auth_type pap key key_val port 44 priority 1 timeout 60
interface mgmt
ip address 10.4.4.52/24 gateway 10.4.4.1
!
pbnoscli# 

Global TACACS Parameters

To Configure Global TACACS parameters, use the below command:

Reference

Command	[no] tacacs [authtype (chap | pap | mschap | login)] [passkey <value>] [timeout <value>]
Description	TACACS global configuration
Parameters	Timeout, key, auth_type, passkey values
Mode	CONFIG

Example

pbnoscli(config)# tacacs 
  authtype              Configure authentication type, default : pap
  passkey               Specify TACACS server global passkey, default : <EMPTY_STRING>
  timeout               Specify TACACS server global timeout <0-60>, default : 5      

//configuring authentication type
pbnoscli(config)# tacacs authtype 
  chap                  chap
  login                 login
  mschap                mschap
  pap                   pap
pbnoscli(config)# tacacs authtype pap 

//configuring tacacs passkey
pbnoscli(config)# tacacs passkey key_value

//configuring timout value
pbnoscli(config)# tacacs timeout 60

You can verify the configuration by using the command(s) below:

pbnoscli# show tacacs-sever 
TACPLUS global auth_type pap            
TACPLUS global passkey key_value      
TACPLUS global timeout 60             
=====================================================================================================================
IP              Auth_type       Passkey         Tcp_port        Priority        Mgmtvrf         Timeout        
=====================================================================================================================
10.0.0.1        pap               key_val          44               1              N/A             60             
pbnoscli# 

pbnoscli# show running-config 
configure terminal
aaa authentication failthrough disable
aaa authentication fallback disable
aaa authentication login tacacs+
tacacs-server host 10.0.0.1 auth_type pap key key_val port 44 priority 1 timeout 60
tacacs auth_type pap
tacacs passkey key_value
tacacs timeout 60
interface mgmt
ip address 10.4.4.52/24 gateway 10.4.4.1
!
pbnoscli#