Security Configuration Command Set
Configuring TACACS+
Matrix DFE-Platinum and Diamond Series Configuration Guide 14-33
Command Defaults
None.
Command Type
Switch command.
Command Mode
Read-Write.
Usage
When session accounting is enabled, the TACACS+ server will log accounting
information, such as start and stop times, IP address of the client, and so forth, for
each authorized client session.
When the TACACS+ client is enabled on the Matrix switch (with the set tacacs
enable command), the session authorization parameters configured with this
command are sent by the client to the TACACS+ server when a session is initiated
on the Matrix switch. The parameter values must match a service and access level
attribute-value pairs configured on the server for the session to be authorized. If the
parameter values do not match, the session will not be allowed.
The service name and attribute-value pairs can be any character string, and are
determined by your TACACS+ server configuration.
Examples
This example configures the service requested by the TACACS+ client as the service name
“basic.”
This example maps the Matrix read-write access privilege level to an attribute named “priv-lvl”
with the value of 5 configured on the TACACS+ server.
This example enables TACACS+ session accounting.
Matrix(rw)->set tacacs session authorization service basic
Matrix(rw)->set tacacs session authorization read-write priv-lvl 5
Matrix(rw)->set tacacs session accounting enable
To Next Page
Loading...
