Cisco Systems XR manual Tacacs-server host, SR-82


Authentication, Authorization, and Accounting Commands on Cisco IOS XR Software

tacacs-server host


To specify a TACACS+ host server, use the tacacs-server host command in global configuration mode. To delete the specified name or address, use the no form of this command.

tacacs-server host host-name [port port-number] [timeout seconds] [key [0 | 7] auth-key] [single-connection]

no tacacs-server host host-name [port port-number]

Syntax Description

host-name
Name or IP address of the TACACS+ server.

port port-number
(Optional) Specifies a server port number. This option overrides the default, which is port 49. Valid port numbers range from 1 to 65535.

timeout seconds
(Optional) Specifies a timeout value that sets the length of time the authentication, authorization, and accounting (AAA) server waits to receive a response from the TACACS+ server. This option overrides the global timeout value set with the tacacs-server timeout command for this server only. The valid timeout range is from 1 to 1000 seconds. Default is 5.

key [0 | 7] auth-key
(Optional) Specifies an authentication and encryption key shared between the AAA server and the TACACS+ server. The TACACS+ packets are encrypted using this key. This key must match the key used by the TACACS+ daemon. Specifying this key overrides the key set by the tacacs-server key command for this server only.
(Optional) Entering 0 specifies that an unencrypted (clear-text) key follows.
(Optional) Entering 7 specifies that an encrypted key follows.
The auth-key argument specifies the unencrypted key to be used between the AAA server and the TACACS+ server.

single-connection
(Optional) Multiplexes all TACACS+ requests to this server over a single TCP connection. By default, a separate connection is used for each session.

Defaults

No TACACS+ host is specified.

The port keyword, if not specified, defaults to the standard port 49.

The timeout keyword, if not specified, defaults to 5 seconds.

Command Modes

Global configuration

Command History

Release          Modification
Release 2.0      This command was introduced on the Cisco CRS-1.
Release 3.0      No modification.
Release 3.2      This command was supported on the Cisco XR 12000 Series Router.
Release 3.3.0    The show run command was modified to display the default values for both the port keyword and the timeout keyword, if values are not specified.
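The following is an added example, not part of the Cisco reference: a small Python audit helper that parses the one-line tacacs-server host form documented above, applies the stated defaults and ranges, and notes entries that carry a clear-text key. The function names, the findings wording and the sample configuration are assumptions made for illustration; the key value itself is never stored.

```python
DEFAULT_PORT, DEFAULT_TIMEOUT = 49, 5  # defaults stated in the reference
RANGES = {"port": (1, 65535), "timeout": (1, 1000)}  # valid ranges stated there

def parse_tacacs_host(line):
    """Resolve one one-line 'tacacs-server host' entry; the key is not kept."""
    tok = line.split()
    if tok[:2] != ["tacacs-server", "host"] or len(tok) < 3:
        return None
    cfg = {"host": tok[2], "port": DEFAULT_PORT, "timeout": DEFAULT_TIMEOUT,
           "key_type": None, "single_connection": False, "findings": []}
    i = 3
    while i < len(tok):
        kw = tok[i]
        if kw in RANGES and i + 1 < len(tok) and tok[i + 1].isdigit():
            value = int(tok[i + 1])
            low, high = RANGES[kw]
            if not low <= value <= high:
                cfg["findings"].append(f"{kw} {value} outside {low}-{high}")
            cfg[kw] = value
            i += 2
        elif kw == "key" and i + 1 < len(tok):
            # 'key 0 <k>' and bare 'key <k>' are clear text; 'key 7 <k>' is encrypted.
            typed = tok[i + 1] in ("0", "7") and i + 2 < len(tok)
            cfg["key_type"] = int(tok[i + 1]) if typed else 0
            i += 3 if typed else 2
            if cfg["key_type"] == 0:
                cfg["findings"].append("clear-text key in configuration")
        elif kw == "single-connection":
            cfg["single_connection"] = True
            i += 1
        else:
            cfg["findings"].append(f"unrecognised token {kw!r}")
            i += 1
    if cfg["key_type"] is None:
        cfg["findings"].append("no per-host key (global tacacs-server key applies)")
    return cfg

# Constructed sample configuration; addresses, names and keys are placeholders.
SAMPLE = """\
tacacs-server host 192.0.2.10 port 49 timeout 10 key 7 PLACEHOLDER
tacacs-server host 192.0.2.11 key 0 ExampleClearKey single-connection
tacacs-server host aaa1.example.net port 70000
"""

def audit(text):
    return [c for c in map(parse_tacacs_host, text.splitlines()) if c]

if __name__ == "__main__":
    for entry in audit(SAMPLE):
        print(entry)
```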

 

 

Cisco IOS XR System Security Command Reference
