show tacacs

Show TACACS+ information.

Syntax

Default

None

Command Mode

User EXEC

Command Output

The show tacacs command displays the following information:

Output field

Description

Global Status

global enable

Displays if the TACACS+ feature is enabled globally.

authentication enabled for

Displays which application is authenticated by TACACS+. The possibilities are CLI, web, or all.

accounting enabled for

Displays if accounting is enabled. You can only enable accounting for CLI. By default, accounting is not enabled.

authorization

Displays if authorization is enabled.

User privilege levels set for command authorization

Displays the privilege levels set for command authorization. When you configure command authorization for a particular level, all commands that you execute are sent to the TACACS+ server for authorization. The device can only execute the commands the TACACS+ server authorizes.

The user privilege levels are:

  • 0: denied access

  • 1: read only (ro) access

  • 2: Layer 1 read and write (l1) access

  • 3: Layer 2 read and write (l2) access

  • 4: Layer 3 read and write (l3) access

  • 5: read and write (rw) access

  • 6: read and write all (rwa) access

  • 7-14: denied access

  • 15: read and write all (rwa) access

Server

Prio

Displays the priority of the TACACS+ server. The switch attempts to use the primary server first, and the secondary server second.

Status

Displays the connection status between the server and the switch – connected or not connected.

Key

Displays as ****** instead of the actual key. The key is secret and is not visible.

Port

Displays the TCP port used to establish the connection to the server. The default port is 49.

IP address

Displays the IP address for the primary and secondary TACACS+ servers.

Timeout

Displays the period of time, in seconds, the switch waits for a response from the TACACS+ daemon before it times out and declares an error. The default is 10 seconds.

Single

Displays if a single open connection is maintained between the switch and TACACS+ daemon, or if the switch opens and closes the TCP connection to the TACACS+ daemon each time they communicate. The default is false, which means the device does not maintain the single open connection.

Source

Note: Exception: only supported on VSP 8600 Series.

Displays the fixed source IP address, if you configure one, for all outgoing TACACS+ packets.

SourceEnabled

Note: Exception: only supported on VSP 8600 Series.

Displays if the fixed source IP address is enabled for all outgoing TACACS+ packets.
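The following audit of the fields described above is an added example, not part of the original command reference or the vendor's tooling. It assumes the output has already been parsed into dictionaries; the value formats, the shortened "levels" key, and the choice of checks are assumptions.

```python
# Access granted per privilege level, as listed above (0 and 7-14 are denied).
ACCESS = {1: "ro", 2: "l1", 3: "l2", 4: "l3", 5: "rw", 6: "rwa", 15: "rwa"}

def parse_levels(spec):
    """Expand a level list such as '5-6,15' into a set (list format is assumed)."""
    levels = set()
    for part in spec.replace(" ", "").split(","):
        if part:
            lo, _, hi = part.partition("-")
            levels.update(range(int(lo), int(hi or lo) + 1))
    return levels

def audit(status, servers):
    """Return hardening findings for already-parsed `show tacacs` fields."""
    if not status["global enable"]:
        return ["TACACS+ is disabled globally"]
    findings = []
    scope = status["authentication enabled for"].lower()
    if scope != "all":
        findings.append("TACACS+ authentication covers only: " + scope)
    if "cli" not in status["accounting enabled for"].lower():
        findings.append("CLI accounting is off: no command audit trail")
    # Commands are sent to the server only at levels set for authorization.
    covered = parse_levels(status["levels"]) if status["authorization"] else set()
    gaps = [lvl for lvl in sorted(ACCESS) if lvl >= 2 and lvl not in covered]
    if gaps:
        findings.append("write-capable levels without command authorization: "
                        + ", ".join(f"{lvl} ({ACCESS[lvl]})" for lvl in gaps))
    if not any(s["Status"] == "connected" for s in servers):
        findings.append("no TACACS+ server is connected")
    elif len(servers) < 2:
        findings.append("no secondary server to fall back on")
    return findings

# Constructed sample values, not captured from a real switch.
SAMPLE_STATUS = {"global enable": True, "authentication enabled for": "cli",
                 "accounting enabled for": "", "authorization": True,
                 "levels": "6,15"}  # "levels" is a shortened, hypothetical key
SAMPLE_SERVERS = [{"Prio": "primary", "Status": "connected", "Port": 49}]

if __name__ == "__main__":
    for finding in audit(SAMPLE_STATUS, SAMPLE_SERVERS):
        print("-", finding)
```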