UFM-SDN App CLI Guide

TACACS+

tacacs-server


tacacs-server {key <secret> | retransmit <retries> | timeout <seconds>}
no tacacs-server {key | retransmit | timeout}

Sets global TACACS+ server attributes.
The no form of the command resets the attributes to default values.

Syntax Description

key

Set a secret key (shared hidden text string) known to the system and to the TACACS+ server

retransmit

Number of retries (0-5) before the authentication attempt is abandoned

timeout

Timeout in seconds between each retry (1-60)

Default

3 seconds, 1 retry

Configuration Mode

config

History

1.5

Example


ufmapl [ mgmt-sa ] (config) # tacacs-server retransmit 3


Related Commands

aaa authorization
show radius
show tacacs
tacacs-server host

Notes

Each TACACS+ server can override these global parameters using the command "tacacs-server host".

tacacs-server host


tacacs-server host <ip-address> {enable | auth-port <port> | auth-type <type> | key <secret> | retransmit <retries> | timeout <seconds>}
no tacacs-server host <ip-address> {enable | auth-port}

Configures TACACS+ server attributes.
The no form of the command resets the attributes to their default values and deletes the TACACS+ server.

Syntax Description

ip-address

TACACS+ server IP address

enable

Administrative enable for the TACACS+ server

auth-port

TACACS+ server UDP port number

key

Set a secret key (shared hidden text string) known to the system and to the TACACS+ server

retransmit

Number of retries (0-5) before the authentication attempt is abandoned

timeout

Timeout in seconds between each retry (1-60)

Default

3 seconds, 1 retry
Default TCP port is 49
Default auth-type is PAP

Configuration Mode

config

History

1.5

Example


ufmapl [ mgmt-sa ] (config) # tacacs-server host 40.40.40.40


Related Commands

aaa authorization
show tacacs
tacacs-server

Notes

  • TACACS+ servers are tried in the order they are configured

  • A PAP auth-type is similar to an ASCII login, except that the username and password arrive at the network access server in a PAP protocol packet instead of being typed in by the user, so the user is not prompted

  • If the user does not specify a parameter for this configured TACACS+ server, the configuration will be taken from the global TACACS+ server configuration. Refer to the "tacacs-server" command.

show tacacs


show tacacs

Displays TACACS+ configurations.

Syntax Description

N/A

Default

N/A

Configuration Mode

Any configuration mode

History

1.5

Example


ufmapl [ mgmt-sa ] (config) # show tacacs
TACACS+ defaults:
    Key:             3333
    Timeout:         3
    Retransmit:      1
TACACS+ servers:
   40.40.40.40:49
      Enabled:         yes
      Auth-type         PAP
      Key:             3333 (default)
      Timeout:         3 (default)
      Retransmit:      1 (default)


Related Commands

aaa authorization
tacacs-server
tacacs-server host

Notes
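
The following Python script is an added example, not part of the original guide or the product. It parses "show tacacs" output in the layout shown above, lists which per-server values are inherited from the global defaults, and totals the worst-case wait across servers in configured order. The second server (192.0.2.10), the 16-character minimum key length, and the delay formula timeout x (1 + retransmit) are assumptions made for illustration.

```python
import re

# Constructed sample: the "show tacacs" output from the example above,
# plus a hypothetical second server (192.0.2.10) with its own overrides.
SAMPLE = """\
TACACS+ defaults:
    Key:             3333
    Timeout:         3
    Retransmit:      1
TACACS+ servers:
   40.40.40.40:49
      Enabled:         yes
      Auth-type         PAP
      Key:             3333 (default)
      Timeout:         3 (default)
      Retransmit:      1 (default)
   192.0.2.10:49
      Enabled:         yes
      Auth-type         PAP
      Key:             Xk9-constructed-secret-7Qp
      Timeout:         10
      Retransmit:      2
"""
FIELD = re.compile(r"^\s+([A-Za-z-]+):?\s+(\S+)(\s+\(default\))?\s*$")
SERVER = re.compile(r"^\s+(\d+\.\d+\.\d+\.\d+):(\d+)\s*$")

def parse_show_tacacs(text):
    """Return (defaults, servers); servers keep their configured order."""
    defaults, servers, current = {}, [], None
    for line in text.splitlines():
        if m := SERVER.match(line):
            current = {"host": m.group(1), "port": int(m.group(2)), "inherited": set()}
            servers.append(current)
        elif m := FIELD.match(line):
            target, name = (defaults if current is None else current), m.group(1).lower()
            target[name] = m.group(2)
            if m.group(3) and current is not None:
                current["inherited"].add(name)  # value came from the global settings
    return defaults, servers

def audit(text, min_key_len=16):  # 16 is an assumed local policy, not a product limit
    enabled = [s for s in parse_show_tacacs(text)[1] if s.get("enabled") == "yes"]
    findings, worst_case = [], 0
    for s in enabled:
        # Assumption: a server costs at most timeout * (1 + retransmit) seconds.
        worst_case += int(s["timeout"]) * (1 + int(s["retransmit"]))
        if "key" in s["inherited"]:
            findings.append((s["host"], "inherits the global key"))
        if len(s["key"]) < min_key_len:
            findings.append((s["host"], "key shorter than policy minimum"))
    return findings, worst_case
```

Calling audit(SAMPLE) returns the list of findings and the summed worst-case delay in seconds. The output being audited displays the shared secret in clear text, so captured "show tacacs" output should be handled as sensitive.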


