Configure TACACS using CLI

About this task

Only users with the role SecurityAdmin or SystemAdmin can perform this task.

Note

For details about the command and its parameters, see the Extreme Fabric Automation Command Reference, 3.1.0.

Procedure

  1. Run the following command:
    efa auth tacacsconfig add --host 10.24.15.200 --port 49 --secret sharedsecret --protocol CHAP

    The command validates the attributes. If the validation is successful, the attributes are saved in the database. These details are used to validate user credentials and fetch the user role during token generation.

  2. Run the following role mapping command to map TACACS server roles to the EFA roles:
    efa auth tacacsconfig rolemapping add --host 10.24.15.200 --tacacsRole=tacAdmin --xcoRole SystemAdmin

    The rolemapping command checks whether the host is already configured in EFA. If it is, the command maps the TACACS role to the EFA-supported role. Similarly, deleting the host from the TACACS configuration also deletes the TACACS roles that were configured for that host through role mapping.

    Example:

    efa auth tacacsconfig rolemapping add --xcoRole=SystemAdmin --tacacsRole=admin --host=10.37.135.12
    Successfully added the tacacs configuration.
    
    +--------------+-------------+-------------+----------------------------+
    | Host         | TACACS Role | XCO Role    | Description of XCO Role    |
    +--------------+-------------+-------------+----------------------------+
    | 10.37.135.12 | admin       | SystemAdmin | Complete privileges to all |
    |              |             |             | operations in the system   |
    +--------------+-------------+-------------+----------------------------+
    
    efa auth tacacsconfig rolemapping show
    +--------------+-------------+-------------+----------------------------+
    | Host         | TACACS Role | XCO Role    | Description of XCO Role    |
    +--------------+-------------+-------------+----------------------------+
    | 10.37.135.12 | admin       | SystemAdmin | Complete privileges to all |
    |              |             |             | operations in the system   |
    +--------------+-------------+-------------+----------------------------+

  3. Run the following command to reset LDAP configuration:
    efa auth ldapconfig reset --name kvm12.com --group-attribute --group-member-mappingattribute
    Reset LDAP configuration is successful
    efa auth ldapconfig reset --name kvm12.com --user-member-attribute
    Reset LDAP configuration is successful
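
An added example (not from the Extreme documentation): a shell function that parses the `rolemapping show` table from step 2 and lists every TACACS role mapped to a privileged XCO role, so the mappings can be reviewed after a change. The review list, the function names, and every sample row except the 10.37.135.12 one are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: list role mappings that grant a privileged XCO role.
# REVIEW_ROLES is an assumption: the two roles this page names as privileged.
REVIEW_ROLES="${REVIEW_ROLES:-SystemAdmin SecurityAdmin}"

# Constructed sample in the table layout shown on this page. Only the first
# row is from the page; the 192.0.2.x hosts and their roles are made up.
sample_table() {
cat <<'EOF'
efa auth tacacsconfig rolemapping show
+--------------+----------------+---------------+----------------------------+
| Host         | TACACS Role    | XCO Role      | Description of XCO Role    |
+--------------+----------------+---------------+----------------------------+
| 10.37.135.12 | admin          | SystemAdmin   | Complete privileges to all |
|              |                |               | operations in the system   |
+--------------+----------------+---------------+----------------------------+
| 192.0.2.10   | example-viewer | ExampleViewer | (constructed description)  |
+--------------+----------------+---------------+----------------------------+
| 192.0.2.11   | example-secops | SecurityAdmin | (constructed description)  |
+--------------+----------------+---------------+----------------------------+
EOF
}

# Read the table on stdin; print "host tacacs_role xco_role" per match.
privileged_mappings() {
  awk -F'|' -v roles="$REVIEW_ROLES" '
    function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
    BEGIN { n = split(roles, r, " "); for (i = 1; i <= n; i++) review[r[i]] = 1 }
    /^[ \t]*\+/ { next }                      # border line
    NF < 5      { next }                      # command echo or status text
    {
      host = trim($2); trole = trim($3); xrole = trim($4)
      if (host == "Host") next                # header row
      if (trole == "" && xrole == "") next    # wrapped description text
      if (xrole in review) print host, trole, xrole
    }'
}

# Live use (command from this page):
#   efa auth tacacsconfig rolemapping show | privileged_mappings
sample_table | privileged_mappings
```

Comparing the output against the list of approved administrator mappings after each `rolemapping add` makes an unexpected grant of SystemAdmin or SecurityAdmin visible immediately.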