For instructions on defining users and administrative privileges on the system, refer to Configuring System
Administrative Users.
Important
Configuring TACACS+ AAA Services
This section provides an example of how to configure TACACS+ AAA services for administrative users on
the system.
When configuring TACACS+ AAA services for the first time, the administrative user must use
non-TACACS+ services to log into the StarOS. Failure to do so will result in the TACACS+ user being
denied access to the system.
Caution
Log in to the system using non-TACACS+ services.
Use the example below to configure TACACS+ AAA services on the system:
configure
tacacs mode
server priority priority_number ip-address tacacs+srvr_ip_address
end
Note:
•
server priority priority_number: Must be an integer from 1 to 3 (releases prior to 18.2) or 1 through
4 (releases 18.2+), that specifies the order in which this TACACS+ server will be tried for TACACS+
authentication. 1 is the highest priority, and 3 or 4 is the lowest. The priority number corresponds to a
configured TACACS+ server.
•
ip-address: Must be the IPv4 address of a valid TACACS+ server that will be used for authenticating
administrative users accessing this system via TACACS+ AAA services.
•
By default, the TACACS+ configuration will provide authentication, authorization, and accounting
services.
Enable TACACS+ on the StarOS:
configure
aaa tacacs+
end
For additional information, see Disable TACACS+ Authentication for Console, on page 64.
Save the configuration as described in the Verifying and Saving Your Configuration chapter.
For complete information on all TACACS+ Configuration Mode commands and options, refer to the
TACACS Configuration Mode Commands chapter in the Command Line Reference.
Important
ASR 5500 System Administration Guide, StarOS Release 21.4
62
System Settings
Configuring TACACS+ AAA Services
To Next Page
Loading...
Need help?
General
