xStack
NOTE: TACACS, XTACACS and TACACS+ are separate entities and are not compatible. The Switch and the server must be configured exactly the same, using the same protocol. (For example, if the Switch is set up for TACACS authentication, so must be the host server.)
The Access Authentication Control commands in the Command Line Interface (CLI) are listed (along with the appropriate parameters) in the following table.
Command | Parameters |
enable authen_policy |
|
|
|
disable authen_policy |
|
|
|
show authen_policy |
|
|
|
create authen_login | <string 15> |
method_list_name |
|
|
|
config authen_login | [default method_list_name <string 15>] method {tacacs |
| xtacacs tacacs+ radius server_group <string 15> local |
| none} |
|
|
delete authen_login | <string 15> |
method_list_name |
|
show authen_login | {default method_list_name <string 15> all} |
|
|
create authen_enable | <string 15> |
method_list_name |
|
config authen_enable | [default method_list_name <string 15>] method {tacacs |
| xtacacs tacacs+ radius server_group <string 15> |
| local_enable none} |
|
|
delete authen_enable | <string 15> |
method_list_name |
|
show authen_enable | [default method_list_name <string 15> all] |
|
|
config authen application | {console telnet ssh http all] [login enable] [default |
| method_list_name <string 15>] |
show authen application |
|
|
|
create authen server_group | <string 15> |
|
|
config authen server_group | [tacacs xtacacs tacacs+ radius <string 15>] [add delete] |
| server_host <ipaddr> protocol [tacacs xtacacs tacacs+ |
| radius] |
delete authen server_group | <string 15> |
|
|
show authen server_group | {<string 15>} |
|
|
create authen server_host | <ipaddr> protocol [tacacs xtacacs tacacs+ radius] {port |
| <int |
| 255> retransmit <int |
|
|
config authen server_host | <ipaddr> protocol [tacacs xtacacs tacacs+ radius] {port |
| <int |
| 255> retransmit <int |
|
|
delete authen server_host | <ipaddr> protocol [tacacs xtacacs tacacs+ radius] |
|
|
