TACACS+
26-14 Configuring Security Features
Basic TACACS+ Configuration
Procedure 26-4 describes the basic steps to configure TACACS+ on Enterasys devices. It assumes
that you have gathered the necessary TACACS+ server information, such as the server’s IP
address, the TCP port to use, shared secret, the authorization service name, and access level
attribute-value pairs.
Note: You must be logged in to the Enterasys device with read-write access rights to use the
commands shown in this procedure.
Procedure 26-4 TACACS+ Configuration
Step 1
  Task: Enable the TACACS+ client. To disable the TACACS+ client, use the set tacacs disable command.
  Command(s): set tacacs enable

Step 2
  Task: Configure the TACACS+ servers, up to a maximum of five, to be used by the TACACS+ client. Define the IP address, TCP port, and secret for each server. To remove one or all configured TACACS+ servers, use the clear tacacs server {all | index} command.
  Command(s): set tacacs server index address port secret

Step 3
  Task: Optionally, change the timeout for each server from the default, 10 seconds. Possible timeout values are 1–30 seconds. To return the timeout value to its default value for one or all configured TACACS+ servers, use the clear tacacs server {all | index} timeout command.
  Command(s): set tacacs server {all | index} timeout seconds

Step 4
  Task: Optionally, enable session accounting. To disable TACACS+ session accounting, use the set tacacs session accounting disable command.
  Command(s): set tacacs session accounting enable

Step 5
  Task: Optionally, configure the TACACS+ session authorization service or access level. The default service name is “exec.” Refer to Table 26-7 on page 26-13 for the default values of the access level attribute-value pairs. To return the TACACS+ session authorization settings to their default values, use the clear tacacs session authorization {[service] [read-only] [read-write] [superuser]} command.
  Command(s): set tacacs session {authorization service name | read-only attribute value | read-write attribute value | super-user attribute value}

Step 6
  Task: Optionally, enable per-command accounting. To disable TACACS+ accounting on a per-command basis, use the set tacacs command accounting disable command.
  Command(s): set tacacs command accounting enable

Step 7
  Task: Optionally, enable per-command authorization. To disable TACACS+ authorization on a per-command basis, use the set tacacs command authorization disable command.
  Command(s): set tacacs command authorization enable
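
An added example, not from the Enterasys documentation: a small Python check that reads the set tacacs commands of Procedure 26-4 as plain text and reports values outside the limits stated in the procedure (five servers, timeouts of 1–30 seconds) or accounting and per-command authorization left off. The input format and the sample address, port and secret are constructed, and treating the optional steps 4, 6 and 7 as required is this example's own policy, not the manual's.

```python
# Added example: audit 'set tacacs ...' lines against Procedure 26-4.
# Assumption: the input is plain text holding the commands as they were typed.

MAX_SERVERS = 5                      # "up to a maximum of five"
TIMEOUT_MIN, TIMEOUT_MAX = 1, 30     # allowed range in seconds (default 10)
# Optional in the procedure; this example's policy expects them to be enabled.
TOGGLES = ("session accounting", "command accounting", "command authorization")

def audit_tacacs(config_text):
    """Return a list of findings; an empty list means every check passed."""
    enabled = {"client": False, **{t: False for t in TOGGLES}}
    servers, timeouts, findings = {}, {}, []
    for line in config_text.splitlines():
        words = line.split()
        if words[:2] != ["set", "tacacs"]:
            continue
        args = words[2:]
        if args in (["enable"], ["disable"]):
            enabled["client"] = args == ["enable"]
        elif len(args) == 3 and " ".join(args[:2]) in TOGGLES and args[2] in ("enable", "disable"):
            enabled[" ".join(args[:2])] = args[2] == "enable"
        elif len(args) == 4 and args[0] == "server" and args[2] == "timeout":
            timeouts[args[1]] = args[3]
        elif len(args) == 5 and args[0] == "server":
            servers[args[1]] = (args[2], args[3])   # the secret (args[4]) is never stored
    if not enabled["client"]:
        findings.append("TACACS+ client is not enabled")
    if not servers:
        findings.append("no TACACS+ server is configured")
    if len(servers) > MAX_SERVERS:
        findings.append(f"{len(servers)} servers configured; maximum is {MAX_SERVERS}")
    for index, (address, port) in servers.items():
        if not (port.isdecimal() and 1 <= int(port) <= 65535):
            findings.append(f"server {index}: invalid TCP port {port!r}")
    for index, value in timeouts.items():
        if index != "all" and index not in servers:
            findings.append(f"timeout set for undefined server {index}")
        if not (value.isdecimal() and TIMEOUT_MIN <= int(value) <= TIMEOUT_MAX):
            findings.append(f"server {index}: timeout {value!r} outside 1-30 seconds")
    findings += [f"{t} is not enabled" for t in TOGGLES if not enabled[t]]
    return findings

# Constructed sample: timeout out of range, per-command authorization never enabled.
SAMPLE = """\
set tacacs enable
set tacacs server 1 192.0.2.10 49 EXAMPLE-SECRET
set tacacs server 1 timeout 45
set tacacs session accounting enable
set tacacs command accounting enable
"""
```

Calling audit_tacacs(SAMPLE) returns two findings: the 45-second timeout and the missing per-command authorization.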