
TACACS+ uses TCP for reliable transport and encrypts the data it transmits, which makes it a more secure AAA feature.

Configuring TACACS+ 

Procedure 

Step1         Enable TACACS+ function.

    set system aaa tacacs-plus disable <true | false>

Step2         Configure TACACS+ shared key.

    set system aaa tacacs-plus key <string>

    The TACACS+ shared key must match the key configured on the TACACS+ servers. When several TACACS+ servers are used, they must all share the same key.

Step3         Configure IP address of TACACS+ server.

    set system aaa tacacs-plus server-ip <ipv4_address>

Step4         (Optional) Configure the port number of TACACS+ server.

    set system aaa tacacs-plus port-number <integer>

    By default, the TACACS+ server port number is 49. The port number must match the one configured on the TACACS+ servers.

Step5         Configure the source interface.

    set system aaa tacacs-plus source-interface <interface-name>

Step6         (Optional) Configure TACACS+ connection timeout.

    set system aaa tacacs-plus timeout <integer>

    By default, the value of TACACS+ connection timeout is 5 seconds.

Step7         (Optional) Configure TACACS+ authentication type.

    set system aaa tacacs-plus auth-type <ascii | chap | pap>

    By default, the TACACS+ authentication type is ascii.

Step8         Enable TACACS+ authorization.

    set system aaa tacacs-plus authorization <true | false>

Step9         Enable TACACS+ accounting.

    set system aaa tacacs-plus accounting <true | false>

Step10       Commit the configurations.

    commit 

TACACS+ Configuration Example 

Networking Requirements

As shown in Figure 1, PC1, PC2, and PC3 connect to the internet through the PICA8 Switch. Configure TACACS+ on the PICA8 Switch so that authentication, authorization, and accounting of PC1, PC2, and PC3 are handled through TACACS+ server1 and TACACS+ server2. Assume the PICA8 Switch connects to the TACACS+ servers through the management interface eth0.

Figure 1. TACACS+ Networking Topology

Procedure

Step1         Enable TACACS+ function.          

admin@XorPlus# set system aaa tacacs-plus disable false

Step2         Configure shared key of the TACACS+ servers.

admin@XorPlus# set system aaa tacacs-plus key pica8

Step3         Configure TACACS+ server IP.

admin@XorPlus# set system aaa tacacs-plus server-ip 10.10.51.2
admin@XorPlus# set system aaa tacacs-plus server-ip 10.10.51.3

Step4         (Optional) Configure the port number of TACACS+ server.

admin@XorPlus# set system aaa tacacs-plus port-number 50             

Step5         Configure the source interface.

admin@XorPlus# set system aaa tacacs-plus source-interface eth0           

Step6         (Optional) Configure TACACS+ connection timeout.

admin@XorPlus# set system aaa tacacs-plus timeout 30

Step7         (Optional) Configure TACACS+ authentication type.

admin@XorPlus# set system aaa tacacs-plus auth-type chap

Step8         Enable TACACS+ authorization.

admin@XorPlus# set system aaa tacacs-plus authorization true

Step9         Enable TACACS+ accounting.

admin@XorPlus# set system aaa tacacs-plus accounting true

Step10       Commit the configurations.

admin@XorPlus# commit

Check the Configuration

  •   Use the show system aaa tacacs-plus command to view the TACACS+ configuration.
admin@XorPlus# show system aaa tacacs-plus
Waiting for building configuration.
authorization: true
accounting: true
server-ip 10.10.53.53
key: "pica8"
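
The check above can be automated. The following Python is an added example, not part of the PicOS documentation: it compares the `set` lines from the configuration example with the `show system aaa tacacs-plus` output printed on this page and reports leaves that differ or cannot be confirmed. The `show` line format is inferred from the four lines shown here, and the 16-character key minimum is an assumed local policy.

```python
import re
# The `set` lines from the configuration example on this page.
INTENDED = """\
set system aaa tacacs-plus disable false
set system aaa tacacs-plus key pica8
set system aaa tacacs-plus server-ip 10.10.51.2
set system aaa tacacs-plus server-ip 10.10.51.3
set system aaa tacacs-plus port-number 50
set system aaa tacacs-plus source-interface eth0
set system aaa tacacs-plus timeout 30
set system aaa tacacs-plus auth-type chap
set system aaa tacacs-plus authorization true
set system aaa tacacs-plus accounting true
"""
# The `show system aaa tacacs-plus` output as printed on this page.
SHOWN = """\
Waiting for building configuration.
authorization: true
accounting: true
server-ip 10.10.53.53
key: "pica8"
"""
MIN_KEY_LEN = 16  # assumption: local policy threshold, not a PicOS limit
SET_RE = r"^[ \t]*set system aaa tacacs-plus (\S+) (\S+)[ \t]*$"
# Inferred from the output above: `name: value` or `name value`, optional quotes.
SHOW_RE = r'^[ \t]*([a-z-]+):?[ \t]+"?([^"\s]+)"?[ \t]*$'

def parse(pattern, text):
    """Map each leaf name to the set of values found for it."""
    cfg = {}
    for name, value in re.findall(pattern, text, re.M):
        cfg.setdefault(name, set()).add(value)
    return cfg

def audit(intended_text, shown_text):
    """Return findings; the shared key itself is never echoed."""
    want, have = parse(SET_RE, intended_text), parse(SHOW_RE, shown_text)
    findings = []
    for leaf in sorted(want):
        if leaf not in have:
            findings.append(f"{leaf}: not in show output, cannot confirm")
        elif want[leaf] != have[leaf]:
            shown = "<redacted>" if leaf == "key" else sorted(have[leaf])
            findings.append(f"{leaf}: differs from intent, device shows {shown}")
    findings += [f"key: {len(k)} characters, below minimum {MIN_KEY_LEN}"
                 for k in want.get("key", ()) if len(k) < MIN_KEY_LEN]
    return findings

if __name__ == "__main__":
    print("\n".join(audit(INTENDED, SHOWN)))
```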