The following command enables TACACS+ on the TACACS+ client for this device:
System(rw)->set tacacs enable
The following commands configure and verify two TACACS servers for this device to indexes 1 and 2. Index 1 has an IP address of 10.10.10.20 on port 49 with a secret mysecret1. Index 2 has an IP address of 10.10.10.30 on port 49 with a secret of mysecret2. The server timeout value will remain at the default of 10 seconds.
System(rw)->set tacacs server 1 10.10.10.20 49 mysecret1 System(rw)->set tacacs server 2 10.10.10.30 49 mysecret2 System(rw)->show tacacs server all TACACS+ Server IP Address Port Timeout Status -------------- --------------- ----- ------- ------- 1 10.10.10.20 49 10 Active 2 10.10.10.30 49 10 Active System(rw)->
The following command enables and verifies session authorization for the exec service:
Print
this page
Email this topic
Feedback
View PDF
Download EPUBSystem(rw)->set tacacs session authorization service exec
System(rw)->show tacacs session authorization
TACACS+ service: exec
TACACS+ session authorization A-V pairs:
access level attribute value
read-only 'priv-lvl' '0'
read-write 'priv-lvl' '1'
super-user 'priv-lvl' '15'
System(rw)->
The following commands enable and verify session accounting, followed by commands that enable both accounting and authorization on a per command basis, for this device:
System(rw)->set tacacs session accounting enable System(rw)->show tacacs session accounting TACACS+ session accounting state: enabled System(rw)->set tacacs command accounting enable System(rw)->set tacacs command authorization enable System(rw)->
The following command enables the TCP single connection feature for this device:
System(rw)->set tacacs singleconnect System(rw)->