ACCESS USING TACACS+

CHAPTER 8: ACCESS USING TACACS+

8.2Configuring TACACS+ through the Command Line Interface

8.2.1Commands

There are several commands to configure TACACS+.

The show tacplus command displays the status of TACACS or servers configured as

TACACS+ servers:

show tacplus <statusservers>

The tacplus enable and tacplus disable commands enable or disable TACACS authentication:

tacplus <enabledisable>

The tacserver command creates a list of up to five TACACS+ servers:

tacserver <adddelete> id=<num>

[ip=<ip-addr>] [port=<tcp-port>] [encrypt=<enabledisable>] [key=<string>]

The <adddelete> argument is mandatory and specifies whether to add or delete a TACACS+ server. The id argument is mandatory and sets the order to poll the TACACS+ servers for authentication. The ip argument is mandatory for adding and defines the IP address of the TACACS+ server. The port argument is mandatory for deleting and defines the TCP port number on which the server is listening. The encrypt argument enables or disables packet encryption and is mandatory for deleting. The key argument requires the secret shared key string must be supplied when encryption is enabled.

8.2.2Example

Example 8-1 below, illustrates how to configure TACACS+.

8–4

MULTILINK ML1200 MANAGED FIELD SWITCH – INSTRUCTION MANUAL

Page 142
Image 142
GE ML1200 Configuring TACACS+ through the Command Line Interface, Show tacplus statusservers, Tacplus enabledisable