Configure TACACS using CLI
About this task
Only users with the role SecurityAdmin or SystemAdmin can perform this task.

Note
For details about the command and its parameters, see the Extreme Fabric Automation Command Reference, 3.1.0.

Procedure
- Run the following command:
efa auth tacacsconfig add --host 10.24.15.200 --port 49 --secret sharedsecret --protocol CHAP
The command validates the attributes. If the validation is successful, the attributes are saved in the database. These details are used to validate user credentials and fetch the user role during token generation.
- Run the following role mapping command to map TACACS server roles to the EFA roles:
efa auth tacacsconfig rolemapping add --host 10.24.15.200 --tacacsRole=tacAdmin --xcoRole SystemAdmin
The rolemapping command first checks whether the host is already configured in EFA. If it is, the command maps the TACACS role to the EFA-supported role. Similarly, deleting the host from the TACACS configuration also deletes the TACACS roles configured for that host through role mapping.
Example:
efa auth tacacsconfig rolemapping add --xcoRole=SystemAdmin --tacacsRole=admin --host=10.37.135.12
Successfully added the tacacs configuration.
+--------------+-------------+-------------+----------------------------+
| Host         | TACACS Role | XCO Role    | Description of XCO Role    |
+--------------+-------------+-------------+----------------------------+
| 10.37.135.12 | admin       | SystemAdmin | Complete privileges to all |
|              |             |             | operations in the system   |
+--------------+-------------+-------------+----------------------------+

efa auth tacacsconfig rolemapping show
+--------------+-------------+-------------+----------------------------+
| Host         | TACACS Role | XCO Role    | Description of XCO Role    |
+--------------+-------------+-------------+----------------------------+
| 10.37.135.12 | admin       | SystemAdmin | Complete privileges to all |
|              |             |             | operations in the system   |
+--------------+-------------+-------------+----------------------------+
- Run the following command to reset LDAP configuration:
efa auth ldapconfig reset --name kvm12.com --group-attribute --group-member-mappingattribute
Reset LDAP configuration is successful
efa auth ldapconfig reset --name kvm12.com --user-member-attribute
Reset LDAP configuration is successful
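
Added example (not part of the original documentation or the EFA product): a shell function that reads the table printed by the rolemapping show command above and lists every TACACS role mapped to SystemAdmin or SecurityAdmin, so those mappings can be reviewed against least privilege. The function name, the review list, and the second sample row (host 192.0.2.10, role DemoViewer) are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: audit TACACS-to-XCO role mappings for privileged roles.
# Intended use: efa auth tacacsconfig rolemapping show | privileged_mappings

# Roles the page names as allowed to change auth configuration.
# Treating exactly these two as the review list is an assumption.
PRIVILEGED_ROLES="SystemAdmin SecurityAdmin"

# Reads the mapping table on stdin and prints "host tacacs_role xco_role"
# for each mapping whose XCO role is in PRIVILEGED_ROLES.
privileged_mappings() {
    awk -F'|' -v roles="$PRIVILEGED_ROLES" '
        function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
        BEGIN {
            n = split(roles, r, " ")
            for (i = 1; i <= n; i++) priv[r[i]] = 1
        }
        # Only data rows start with "|"; "+---+" border lines are ignored.
        /^\|/ {
            host = trim($2); tac = trim($3); xco = trim($4)
            # Skip the header row and wrapped description rows,
            # which have an empty Host cell.
            if (host == "" || host == "Host") next
            if (xco in priv) print host, tac, xco
        }
    '
}

# Constructed sample input. The first mapping is the one from the page;
# the second is a made-up, non-privileged placeholder for contrast.
sample_table() {
cat <<'EOF'
+--------------+-------------+-------------+----------------------------+
| Host         | TACACS Role | XCO Role    | Description of XCO Role    |
+--------------+-------------+-------------+----------------------------+
| 10.37.135.12 | admin       | SystemAdmin | Complete privileges to all |
|              |             |             | operations in the system   |
+--------------+-------------+-------------+----------------------------+
| 192.0.2.10   | tacViewer   | DemoViewer  | (constructed placeholder)  |
+--------------+-------------+-------------+----------------------------+
EOF
}

# Stand-alone run against the constructed sample.
sample_table | privileged_mappings
```
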