Authenticating Users
Summit24e3 Switch Installation and User Guide 61
attempting to administer the switch. TACACS+ is used to communicate between the switch and an
authentication database.
NOTE
You cannot use RADIUS and TACACS+ at the same time.
You can configure two TACACS+ servers, specifying the primary server address, secondary server
address, and UDP port number to be used for TACACS+ sessions.
Table 16 describes the commands that are used to configure TACACS+.
Table 16: TACACS+ Commands
Command Description
config tacacs [primary | secondary] server
[<ipaddress> | <hostname>] {<udp_port>} client-ip
<ipaddress>
Configure the server information for a
TACACS+ server. Specify the following:
• primary | secondary — Specifies
primary or secondary server
configuration. To remove a server, use
the address 0.0.0.0.
• <ipaddress> | <hostname> —
Specifies the TACACS+ server.
• <udp_port> — Optionally specifies
the UDP port to be used.
• client-ip — Specifies the IP
address used by the switch to identify
itself when communicating with the
TACACS+ server.
config tacacs [primary | secondary] shared-secret
{encrypted} <string>
Configures the shared secret string used
to communicate with the TACACS+ server.
config tacacs-accounting [primary | secondary]
server [<ipaddress> | <hostname>] {<udp_port>}
client-ip <ipaddress>
Configures the TACACS+ accounting
server. You can use the same server for
accounting and authentication.
config tacacs-accounting [primary | secondary]
shared-secret {encrypted} <string>
Configures the shared secret string used
to communicate with the TACACS+
accounting server.
disable tacacs Disables TACACS+.
disable tacacs-accounting Disables TACACS+ accounting.
disable tacacs-authorization Disables CLI command authorization.
enable tacacs Enables TACACS+. Once enabled, all CLI
logins are sent to one of the two
TACACS+ server for login name
authentication and accounting.
enable tacacs-accounting Enables TACACS+ accounting. If
accounting is use, the TACACS+ client
must also be enabled.
enable tacacs-authorization Enables CLI command authorization.
When enabled, each command is
transmitted to the remote TACACS+
server for authorization before the
command is executed.
To Next Page
Loading...
