13.1.3 AAA configuration algorithm via TACACS
Step Description Command Keys
1 Set the DSCP code global value for the
use in IP headers of TACACS server
egress packets (optional).
esr(config)# tacacs-server dscp
<DSCP>
<DSCP> – DSCP code value,
takes values in the range of
[0..63].
Default value: 63.
2 Set the global value of the interval after
which the router assumes that the
TACACS server is not available
(optional).
esr(config)# tacacs-server timeout
<SEC>
<SEC> – time interval in
seconds, takes values of
[1..30].
Default value: 3 seconds.
3 Add TACACS server to the list of used
servers and switch to its configuration
mode.
esr(config)# tacacs -server host
{ <IP-ADDR> | <IPV6-ADDR> } [ vrf
<VRF> ]
esr(config-tacacs-server)#
<IP-ADDR> – TACACS server IP
address, defined as
AAA.BBB.CCC.DDD where each
part takes values of [0..255]
<IPV6-ADDR> – TACACS server
IPv6 address, defined as
X:X:X:X::X where each part
takes values in hexadecimal
format [0..FFFF]
<VRF> – VRF instance name,
set by the string of up to 31
characters.
4 Specify the number of failed
authentication attempts to block the
user login and time of the lock (optional)
aaa authentication attempts max-
fail <COUNT> <TIME>
<COUNT> – amount of failed
authentication attempts after
which a user is blocked, takes
the values of [1..65535];
<TIME> – user blocking time in
minutes, takes the values of
[1..65535].
Default value:
<COUNT> – 5; <TIME> – 300
5 Set the password for authentication on
remote TACACS server.
esr(config-tacacs-server)# key
ascii-text { <TEXT> | encrypted
<ENCRYPTED-TEXT> }
<TEXT> – string [8..16] ASCII
characters;
<ENCRYPTED-TEXT> –
encrypted password, [8..16]
bytes size, set by the string of
[16..32] characters.
To Next Page
Loading...
