TACACS+ Configuration Example

This section provides a sample TACACS+ client configuration that:

All other client configuration features use the default settings as described Configuring the TACACS+ Client for Authentication and Authorization or in the Switch Engine 32.7.1 Command Reference Guide .

configure tacacs primary server 10.201.31.238 client-ip 10.201.31.85 vr "VR-Default"
configure tacacs primary shared-secret purple
configure tacacs secondary server 10.201.31.235 client-ip 10.201.31.85 vr "VR-Default"
configure tacacs secondary shared-secret purple
enable tacacs

IPv6 servers can be configured similarly using the following commands:

configure tacacs primary server 2111::220 client-ip 2111::85 vr "VR-Default"
configure tacacs primary shared-secret purple
configure tacacs secondary server 2111::210 client-ip 2111::85 vr "VR-Default"
configure tacacs secondary shared-secret purple
configure tacacs primary server 1111::220 client-ip 1111::170 vr vr-mgmt

To display the TACACS+ client configuration, use the show tacacs command. Below is sample output from this command:

TACACS+: enabled
TACACS+ Authorization: disabled
TACACS+ Accounting : disabled
TACACS+ Server Connect Timeout sec: 3
Primary TACACS+ Server:
    Server name   :
    IP address    :  10.201.31.238
    Server IP Port:  49
    Client address:  10.201.31.85 (VR-Default)
    Shared secret :  purple
Secondary TACACS+ Server:
    Server name   :
    IP address    :  10.201.31.235
    Server IP Port:  49
    Client address:  10.201.31.85 (VR-Default)
    Shared secret :  purple
TACACS+ Acct Server Connect Timeout sec: 3
Primary TACACS+ Accounting Server:Not configured
Secondary TACACS+ Accounting Server:Not configured