Extreme Networks Summit 200-24 - Configuring TACACS+

To Next Page

To Previous Page

Authenticating Users

Summit 200 Series Switch Installation and User Guide 65

Configuring TACACS+

Terminal Access Controller Access Control System Plus (TACACS+) is a mechanism for providing

authentication, authorization, and accounting on a centralized server, similar in function to the RADIUS

client. The ExtremeWare version of TACACS+ is used to authenticate prospective users who are

attempting to administer the switch. TACACS+ is used to communicate between the switch and an

authentication database.

NOTE

You cannot use RADIUS and TACACS+ at the same time.

You can configure two TACACS+ servers, specifying the primary server address, secondary server

address, and UDP port number to be used for TACACS+ sessions.

Table 20 describes the commands that are used to configure TACACS+.

Table 20: TACACS+ Commands

Command Description

config tacacs [primary | secondary] server

[<ipaddress> | <hostname>] {<udp_port>} client-ip

Configure the server information for a

TACACS+ server. Specify the following:

• primary | secondary — Specifies

primary or secondary server

configuration. To remove a server, use

the address 0.0.0.0.

• <ipaddress> | <hostname> —

Specifies the TACACS+ server.

• <udp_port> — Optionally specifies

the UDP port to be used.

• client-ip — Specifies the IP

address used by the switch to identify

itself when communicating with the

TACACS+ server.

config tacacs [primary | secondary] shared-secret

{encrypted} <string>

Configures the shared secret string used

to communicate with the TACACS+ server.

config tacacs-accounting [primary | secondary]

server [<ipaddress> | <hostname>] {<udp_port>}

client-ip <ipaddress>

Configures the TACACS+ accounting

server. You can use the same server for

accounting and authentication.

config tacacs-accounting [primary | secondary]

shared-secret {encrypted} <string>

Configures the shared secret string used

to communicate with the TACACS+

accounting server.

disable tacacs Disables TACACS+.

disable tacacs-accounting Disables TACACS+ accounting.

disable tacacs-authorization Disables CLI command authorization.

enable tacacs Enables TACACS+. Once enabled, all CLI

logins are sent to one of the two

TACACS+ server for login name

authentication and accounting.

Main Page

Extreme Networks Summit 200-24 - Configuring TACACS+

Table of Contents

Other manuals for Extreme Networks Summit 200-24

Related product manuals