MES3000 Ethernet switch series 139
5.18.3 TACACS+ protocol
The TACACS+ protocol provides a centralized security system for authenticating users who access
the device, while ensuring compatibility with RADIUS and other authentication processes. TACACS+
provides the following services:
- Authentication. Used during login with usernames and passwords specified by users.
- Authorization. Used during login. After the authentication session has completed, an
authorization session starts with the verified username; user privileges are verified by
the server.
Global configuration mode commands
Command line request in global configuration mode appears as follows:
console(config)#
Table 5.151 — Global configuration mode commands

Command: tacacs-server host {ip_address | hostname} [single-connection] [port port] [timeout timeout] [key secret_key] [encrypted key encrypted_key] [source source_ip_address] [priority priority]
Values: hostname: (1..158) characters; port: (0..65535)/49; timeout: (1..30) seconds; retries: (1..10); time (0..2000) minutes; secret_key: (0..128) characters; encrypted_key: (0..128) characters; priority: (0..65535)/0
Description: Add the selected server to the list of TACACS servers in use.
- ip_address—TACACS server IP address
- hostname—TACACS server network name
- single-connection—restrict the number of connections for data exchange with TACACS server to only one at a time
- port—port number for data exchange with TACACS server
- timeout—server response interval
- secret_key—authentication and encryption key for TACACS data exchange
- encrypted_key—encrypted authentication and encryption key for TACACS data exchange
- source_ip_address—IP address used as the default source address being sent in TACACS protocol messages
- priority—TACACS server utilization priority (the lower the value, the higher the server priority)
If the timeout, key, or source_ip_address parameters are omitted from the command, the current TACACS server uses the values configured with the following commands.

Command: no tacacs-server host {ip_address | hostname}
Description: Remove the selected server from the list of TACACS servers in use.

Values: key: (0..128) characters/default key is an empty string
Description: Define the default key for authentication and encryption of TACACS data exchange between the device and TACACS environment.

Description: Restore the default value.

Command: tacacs-server timeout timeout
Values: timeout: (1..30)/5 seconds
Description: Define the default server response interval.

Command: tacacs-server source-ip source_ip_address
Description: Define the switch IP address used by default for message exchange with the TACACS server.

Command: no tacacs-server source-ip source_ip_address
Description: Use the IP address of the switch interface for message exchange with the TACACS server.
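The fallback rule and value ranges from Table 5.151, as an added example that is not part of the original manual: a Python audit helper that reads `tacacs-server` lines, fills omitted timeout, key and source values from the global settings, checks the documented ranges, and flags servers whose effective key is the empty string. The function name, the sample addresses and key, and passing the default key as an argument (the command that sets it is not shown on this page) are assumptions.

```python
# Ranges as listed in Table 5.151; defaults for port, timeout and priority are 49, 5 and 0.
RANGES = {"port": (0, 65535), "timeout": (1, 30), "priority": (0, 65535)}

def resolve_tacacs(config_text, default_key=""):
    """Return (servers, findings); servers are ordered by priority, lowest value first."""
    glob = {"port": 49, "timeout": 5, "key": default_key, "source": None, "priority": 0}
    host_lines, servers, findings = [], [], []
    for line in config_text.splitlines():
        tok = line.split()
        if len(tok) < 3 or tok[0] != "tacacs-server":
            continue
        if tok[1] == "timeout":
            glob["timeout"] = tok[2]
        elif tok[1] == "source-ip":
            glob["source"] = tok[2]
        elif tok[1] == "host":
            host_lines.append(tok[2:])
    for tok in host_lines:  # second pass: global settings may follow the host lines
        srv = dict(glob, host=tok[0], single=False, encrypted=False)
        words = iter(tok[1:])
        for word in words:
            if word == "single-connection":
                srv["single"] = True
            elif word == "encrypted":  # prefix of "encrypted key <value>"
                srv["encrypted"] = True
            elif word in glob:
                srv[word] = next(words, "")
            else:
                findings.append((srv["host"], f"unknown keyword {word!r}"))
        for name, (low, high) in RANGES.items():
            srv[name] = int(srv[name])  # numeric options are assumed to be integers
            if not low <= srv[name] <= high:
                findings.append((srv["host"], f"{name} {srv[name]} outside {low}..{high}"))
        if len(srv["key"]) > 128:
            findings.append((srv["host"], "key longer than 128 characters"))
        if srv["key"] == "":
            findings.append((srv["host"], "effective key is the empty string"))
        servers.append(srv)
    return sorted(servers, key=lambda s: s["priority"]), findings

# Constructed sample configuration (documentation-range addresses, made-up key).
SAMPLE = """\
tacacs-server host 192.0.2.10 single-connection key Ex4mple-Key priority 1
tacacs-server host 192.0.2.11 port 4949 timeout 45
tacacs-server timeout 10
tacacs-server source-ip 192.0.2.1
"""
if __name__ == "__main__":
    print(resolve_tacacs(SAMPLE))
```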
EXEC mode commands
Command line request in EXEC mode appears as follows:
console#