set tacacs session

TACACS+ Configuration

Use this command to enable or disable TACACS+ session accounting, or to configure TACACS+ session authorization parameters. For simplicity, separate syntax formats are shown for configuring session accounting and session authorization.

Syntax

set tacacs session accounting {enable | disable}

set tacacs session authorization {service name | read-only attribute value | read-write attribute value | super-user attribute value}

Parameters

accounting

Specifies that TACACS+ session accounting is being configured.

enable | disable

Enables or disables TACACS+ session accounting.

authorization

Specifies that TACACS+ session authorization is being configured.

service name

Specifies the name of the service that the TACACS+ client will request from the TACACS+ server. The name specified here must match the name of a service configured on the server. The default service name is exec.

read-only attribute value

Specifies that the read-only access privilege level should be matched to a privilege level configured on the TACACS+ server by means of an attribute-value pair specified by attribute and value. By default, attribute is "priv-lvl" and value is 0.

read-write attribute value

Specifies that the read-write access privilege level should be matched to a privilege level configured on the TACACS+ server by means of an attribute-value pair specified by attribute and value. By default, attribute is "priv-lvl" and value is 1.

super-user attribute value

Specifies that the super-user access privilege level should be matched to a privilege level configured on the TACACS+ server by means of an attribute-value pair specified by attribute and value. By default, attribute is "priv-lvl" and value is 15.

Defaults

None.

Mode

Switch command, Read‐Write.

Usage

When session accounting is enabled, the TACACS+ server will log accounting information, such as start and stop times, IP address of the client, and so forth, for each authorized client session.

When the TACACS+ client is enabled on the switch (with the set tacacs enable command), the session authorization parameters configured with this command are sent by the client to the TACACS+ server when a session is initiated on the switch. The parameter values must match a service and the access level attribute-value pairs configured on the server for the session to be authorized. If the parameter values do not match, the session will not be allowed.
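An offline check of the matching rule described above, as an added example that is not part of the guide: it parses set tacacs session lines, applies the defaults listed under Parameters, and reports settings that would find no match on the server. The function names, the server model (a dict of service name to attribute-value pairs), the audit checks and the sample data are assumptions made for illustration.

```python
# Defaults as stated in the parameter descriptions on this page.
DEFAULTS = {
    "service": "exec",
    "read-only": ("priv-lvl", "0"),
    "read-write": ("priv-lvl", "1"),
    "super-user": ("priv-lvl", "15"),
}
LEVELS = ("read-only", "read-write", "super-user")

def parse_config(text):
    """Build the effective session settings from 'set tacacs session' lines."""
    cfg = dict(DEFAULTS, accounting=None)  # None: never set explicitly
    for line in text.splitlines():
        tok = line.split()
        if tok[:3] != ["set", "tacacs", "session"] or len(tok) < 5:
            continue
        if tok[3] == "accounting" and tok[4] in ("enable", "disable"):
            cfg["accounting"] = tok[4] == "enable"
        elif tok[3] == "authorization" and tok[4] == "service" and len(tok) == 6:
            cfg["service"] = tok[5]
        elif tok[3] == "authorization" and tok[4] in LEVELS and len(tok) == 7:
            cfg[tok[4]] = (tok[5], tok[6])
    return cfg

def audit(cfg, server_services):
    """Assumed server model: {service name: set of (attribute, value) pairs}."""
    findings = []
    if cfg["accounting"] is not True:
        findings.append("session accounting is not explicitly enabled")
    pairs = server_services.get(cfg["service"], set())
    if cfg["service"] not in server_services:
        findings.append(f"service {cfg['service']!r} is not defined on the server")
    for level in LEVELS:
        if cfg[level] not in pairs:
            findings.append(f"{level} pair {cfg[level]} has no match on the server")
    if len({cfg[level] for level in LEVELS}) < len(LEVELS):
        findings.append("two access levels share one attribute-value pair")
    return findings

# Constructed sample input, not taken from a real switch or server.
SWITCH_CONFIG = """\
set tacacs enable
set tacacs session authorization service shell
set tacacs session authorization read-write priv-lvl 5
"""
SERVER = {"exec": {("priv-lvl", "0"), ("priv-lvl", "1"), ("priv-lvl", "15")}}

if __name__ == "__main__":
    print(*audit(parse_config(SWITCH_CONFIG), SERVER), sep="\n")
```

With the constructed sample, the service name shell is absent from the server model, so all three access levels are reported as unmatched along with the accounting finding.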

SecureStack C3 Configuration Guide 27-7

Enterasys Networks 9034313-07 manual Set tacacs session