The following command enables TACACS+ on the TACACS+ client for this device:
System(rw)->set tacacs enable
The following commands configure and verify two TACACS servers for this device to indexes 1 and 2. Index 1 has an IP address of 10.10.10.20 on port 49 with a secret mysecret1. Index 2 has an IP address of 10.10.10.30 on port 49 with a secret of mysecret2. The server timeout value will remain at the default of 10 seconds.
System(rw)->set tacacs server 1 10.10.10.20 49 mysecret1 System(rw)->set tacacs server 2 10.10.10.30 49 mysecret2 System(rw)->show tacacs server all TACACS+ Server IP Address Port Timeout Status -------------- --------------- ----- ------- ------- 1 10.10.10.20 49 10 Active 2 10.10.10.30 49 10 Active System(rw)->
The following command enables and verifies session authorization for the exec service:
System(rw)->set tacacs session authorization service exec System(rw)->show tacacs session authorization TACACS+ service: exec TACACS+ session authorization A-V pairs: access level attribute value read-only 'priv-lvl' '0' read-write 'priv-lvl' '1' super-user 'priv-lvl' '15' System(rw)->
The following commands enable and verify session accounting, followed by commands that enable both accounting and authorization on a per command basis, for this device:
System(rw)->set tacacs session accounting enable System(rw)->show tacacs session accounting TACACS+ session accounting state: enabled System(rw)->set tacacs command accounting enable System(rw)->set tacacs command authorization enable System(rw)->
The following command enables the TCP single connection feature for this device:
System(rw)->set tacacs singleconnect System(rw)->