TACACS+ Configuration describes how to configure TACACS+ on an S- K- and 7100-Series device. TACACS+ commands can be entered in any command mode.
Step | Task | Command(s) |
---|---|---|
1 | Enable or disable the TACACS+ client. | set tacacs {enable | disable} |
2 | Configure the TACACS+ server(s) to be used by the TACACS+ client. | set tacacs server {index [ipaddress port [secret]] | all timeout timeout} |
3 | Optionally, enable TACACS+ session accounting | set tacacs session accounting enable |
4 | Optionally, configure the TACACS+ session authorization service or privilege level. The attribute for privilege level is: priv-lvl. | set tacacs session {authorization service name | read-only attribute value | read-write attribute value | super-user attribute value} |
5 | Optionally, enable per command accounting within an authorized session. | set tacacs command accounting enable |
6 | Optionally, enable per command authorization. | set tacacs command authorization enable |
7 | Optionally, enable the TCP single connection feature for this device. | set tacacs singleconnect enable |
Managing TACACS+ describes how to manage TACACS+ on an S- K- and 7100-Series device. All TACACS+ commands can be entered in any command mode.
Task | Command(s) |
---|---|
Display TACACS+ configuration or state. | show tacacs [state] |
Display the current TACACS+ server configuration. | show tacacs server {index | all} |
Clear the TACACS+ server configuration or reset the server timeout to the default value. | clear tacacs server {all | index} [timeout] |
Display the current TACACS+ client session settings. | show tacacs session {authorization | accounting} [state] |
Reset TACACS+ session authorization settings to their default values. | clear tacacs session authorization {[service] [read-only] [read-write] [super-user]} |
Display the current TACACS+ single connect state. | show tacacs singleconnect [state] |