configure tacacs server

configure [tacacs | tacas-accounting] [[primary | secondary] server [host_ipaddress | host_ipv6address | hostname] {tcp_port} client-ip [client_ipaddress | client_ipv6address] | client-vlan [vlan_name | future_vlan_name] {ipv4 | ipv6}] {vr vr_name}]

Description

Configures the TACACS+ server.

Syntax Description


tacas	Configures the TACACS+ server.
tacas-accounting	Configure TACACS+ accounting server.
primary	Configures the primary TACACS+ accounting server.
secondary	Configures the secondary TACACS+ accounting server.
`host_ipaddress`	The IP address of the TACACS+ accounting server being configured.
`host_ipv6address`	The IPv6 address of the TACACS+ accounting server being configured.
`hostname`	The host name of the TACACS+ accounting server being configured.
`tcp_port`	The TCP port to use to contact the TACACS+ server.
`client_ipaddress`	The client IP address used by the switch to identify itself when communicating with the TACACS+ accounting server.
`client_ipv6address`	The client IPv6 address used by the switch to identify itself when communicating with the TACACS+ accounting server.
client-vlan	Specifies client VLAN.
`vlan_name`	Specifies the VLAN name.
`future_vlan_name`	Specifies the VLAN name that will be created in the future. Range 1-32.
ipv4	Specifies the primary IPv4 address will be used as the client IP address.
ipv6	Specifies the primary IPv6 address will be used as the client IP address.
`vr_name`	Specifies the virtual router on which the client IP is located. Note: User-created VRs are supported only on the platforms listed for this feature in the ExtremeXOS v33.2.1 Licensing Guide document.

Default

Unconfigured. The default virtual router is VR-Mgmt, the management virtual router.

Usage Guidelines

You can use the same TACACS+ server for accounting and authentication.

To remove a server, use the following command:

unconfigure tacacs server [primary | secondary]

Example

The following command configures server tacacs1 as the primary TACACS+ accounting server for client switch 10.10.20.35 using a virtual router interface of VR-Default:

configure tacacs-accounting primary server tacacs1 client-ip 10.10.20.35 vr vr-Default

Example

The following command configures IPv6 server 1111::220 as the primary TACACS+ server for client switch 1111::170 using virtual router interface of vr-mgmt:

# configure tacacs primary server 1111::220 client-ip 1111::170 vr vr-mgmt

The following command configures IPv4 server 10.11.11.11 as the primary TACACS+ server for client-vlan vlan_v4 using virtual router interface of VR-Default:

# configure tacacs primary server 10.11.11.11 client-vlan vlan_v4 vr VR-Default

History

This command was first available in ExtremeXOS 10.1.

IPv6 support was added in ExtremeXOS 32.6.

The client-vlan keyword was added in version 33.4.1.

Platform Availability

This command is available on ExtremeSwitching X435, X440-G2, X450-G2, X460-G2, X465, and X695 series switches.