Chapter 3: Management Commands 125
TACACS+ Commands
TACACS+ provides access control for networked devices via one or more
centralized servers. Similar to RADIUS, this protocol simplifies authentication
by making use of a single database that can be shared by many clients on a large
network. TACACS+ is based on the TACACS protocol (described in RFC 1492)
but additionally provides for separate authentication, authorization, and
accounting services. The original protocol was UDP-based, with messages passed
in clear text over the network; TACACS+ uses TCP to ensure reliable delivery
and a shared key, configured on the client and the daemon server, to encrypt all
messages.
tacacs-server host
Use the tacacs-server host command in Global Configuration mode to
configure a TACACS+ server. This command enters TACACS+ configuration
mode. The ip-address|hostname parameter is the IP address or hostname of the
TACACS+ server. To specify multiple hosts, use multiple tacacs-server host
commands.
Format tacacs-server host ip-address|hostname
Mode Global Config

no tacacs-server host
Use the no tacacs-server host command to delete the specified hostname or
IP address. The ip-address|hostname parameter is the IP address of the
TACACS+ server.
Format no tacacs-server host ip-address|hostname
Mode Global Config

tacacs-server key
Use the tacacs-server key command to set the authentication and encryption
key for all TACACS+ communications between the switch and the TACACS+
daemon. The key-string parameter has a range of 0 - 128 characters. This key
must match the key used on the TACACS+ daemon.
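
Why the key set with tacacs-server key must match the daemon's key, shown as an added example that is not taken from this manual or the switch firmware: per RFC 8907, the TACACS+ packet body is XORed with a pad of chained MD5 hashes computed over the session ID, the shared key, the version and the sequence number. The session ID, keys and body below are constructed sample values.

```python
import hashlib
import struct


def pseudo_pad(session_id: int, key: bytes, version: int, seq_no: int, length: int) -> bytes:
    """RFC 8907 pad: MD5_1 = MD5(session_id, key, version, seq_no),
    MD5_n = MD5(session_id, key, version, seq_no, MD5_{n-1}), truncated to length."""
    seed = struct.pack("!I", session_id) + key + bytes([version, seq_no])
    pad, block = b"", b""
    while len(pad) < length:
        block = hashlib.md5(seed + block).digest()
        pad += block
    return pad[:length]


def obfuscate(body: bytes, session_id: int, key: bytes, version: int, seq_no: int) -> bytes:
    """XOR the body with the pad. Applying it twice with the same inputs restores the body."""
    pad = pseudo_pad(session_id, key, version, seq_no, len(body))
    return bytes(b ^ p for b, p in zip(body, pad))


# Constructed sample values (not from any real session).
# session_id, version and seq_no travel in the packet header, outside the XORed body.
SESSION_ID = 0x1A2B3C4D
VERSION = 0xC0
SEQ_NO = 1
SWITCH_KEY = b"example-shared-key"       # what "tacacs-server key" would hold
DAEMON_WRONG_KEY = b"different-key"      # a daemon configured with another key
BODY = b"constructed authentication body, longer than one MD5 block"


def demo():
    """Return (bytes on the wire, body seen with matching key, body seen with wrong key)."""
    wire = obfuscate(BODY, SESSION_ID, SWITCH_KEY, VERSION, SEQ_NO)
    matched = obfuscate(wire, SESSION_ID, SWITCH_KEY, VERSION, SEQ_NO)
    mismatched = obfuscate(wire, SESSION_ID, DAEMON_WRONG_KEY, VERSION, SEQ_NO)
    return wire, matched, mismatched


if __name__ == "__main__":
    wire, matched, mismatched = demo()
    print("on the wire  :", wire.hex())
    print("matching key :", matched)
    print("wrong key    :", mismatched)
```

With a mismatched key the daemon recovers only unparseable bytes, so a failed TACACS+ login right after a key change is usually a key mismatch rather than a bad user credential.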