Configuring TACACS+ authentication

Configure what application TACACS+ authenticates: CLI, web, or all.

TACACS+ authentication provides control of authentication through login and password.

By default, CLI authentication is enabled.

Before you begin

  • You must enable TACACS+ globally for TACACS+ authentication to function.

Procedure

  1. Enter Global Configuration mode:

    enable

    configure terminal

  2. Configure TACACS+ authentication:

    tacacs authentication <all/cli/web>

  3. Optional: Disable TACACS+ authentication:

    no tacacs authentication <all/web>

  4. Optional: Configure TACACS+ authentication to the default settings (default is cli authentication enabled):

    default tacacs authentication <all/cli/web>

  5. Display the configuration:

    show tacacs

Example

Configure TACACS+ to authenticate CLI and display the configuration.
Switch:1>enable
Switch:1#configure terminal
Switch:1(config)#tacacs authentication cli
Switch:1(config)#show tacacs
Global Status:

   global enable : true

   authentication enabled for : cli 

   accounting enabled for : none 


Server:
	              create :

Prio     Status  Key     Port  IP address  Timeout  SingleSource Source  Enabled 
Primary  Conn    ******  49    192.0.2.1       10   false        0.0.0.0 false   
Backup   NotConn ******  49    198.51.100.2    10   false        0.0.0.0 false

Variable Definitions

The following table defines parameters for the tacacs authentication command.

Variable

Value

all

Specifies TACACS+ authentication for all applications. By default, CLI authentication is enabled.

cli

Specifies TACACS+ authentication for command line connections. By default, CLI authentication is enabled.

web

Specifies TACACS+ authentication for web connections. By default, CLI authentication is enabled.
9037147-00 Rev AB