Configure TACACS using CLI

Only users with the role SecurityAdmin or SystemAdmin can perform this task.

Note

For details about the command and its parameters, see the ExtremeCloud Orchestrator Command Reference, 3.5.0.
  1. Run the following command:
    efa auth tacacsconfig add --host 10.24.15.200 --port 49 --secret sharedsecret --protocol CHAP

    The command validates the attributes. If the validation is successful, the attributes are saved in the database. These details are used to validate user credentials and fetch the user role during token generation.

  2. Run the following role mapping command to map TACACS server roles to the XCO roles:
    efa auth tacacsconfig rolemapping add --host 10.24.15.200 --tacacsRole=tacAdmin --xcoRole SystemAdmin

    The rolemapping command checks whether the host is already configured in XCO. If it is, the command maps the TACACS role to the XCO-supported role. Similarly, deleting the host from the TACACS configuration also deletes the TACACS roles that were configured for that host using role mapping.

    Example:

    efa auth rolemapping add --name=tacAdmin --role SystemAdmin --auth-type TACACS 
    --auth-identifier 10.37.32.51
    Successfully added the role mapping.
    
    +------------+-------------+
    | attribute  | value       |
    +------------+-------------+
    | id         | 5           |
    +------------+-------------+
    | name       | tacAdmin    |
    +------------+-------------+
    | role       | SystemAdmin |
    +------------+-------------+
    | type       | GROUP       |
    +------------+-------------+
    | auth type  | TACACS      |
    +------------+-------------+
    | identifier | 10.37.32.51 |
    +------------+-------------+
    
    efa auth rolemapping show
    +----+--------------+--------------------+-----------+--------------+---------------------+
    | ID | Name         | Role               | Type      | Auth Type    | Auth Identifier     |
    +----+--------------+--------------------+-----------+--------------+---------------------+
    | 3  | admin        | SystemAdmin        | GROUP     | TACACS       | 10.37.32.51         |
    +----+--------------+--------------------+-----------+--------------+---------------------+
    | 5  | tacAdmin     | SystemAdmin        | GROUP     | TACACS       | 10.37.32.51         |
    +----+--------------+--------------------+-----------+--------------+---------------------+
    | 1  | user         | SystemAdmin        | USER      | HOST         |                     |
    +----+--------------+--------------------+-----------+--------------+---------------------+
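
The role-mapping table decides which TACACS roles receive XCO privileges, so it is worth reviewing after every mapping change. The Python script below is an added example, not part of the ExtremeCloud Orchestrator documentation or tooling: it parses `efa auth rolemapping show` output (the sample is constructed from the table on this page) and reports TACACS mappings that grant SystemAdmin or SecurityAdmin, plus any that reference a server outside an allowlist. The function names and the `approved_tacacs_hosts` allowlist are assumptions made for the example.

```python
# Added example (not vendor code): review `efa auth rolemapping show` output.
# SAMPLE is constructed from the table layout shown on this page.
SAMPLE = """\
+----+----------+-------------+-------+-----------+-----------------+
| ID | Name     | Role        | Type  | Auth Type | Auth Identifier |
+----+----------+-------------+-------+-----------+-----------------+
| 3  | admin    | SystemAdmin | GROUP | TACACS    | 10.37.32.51     |
+----+----------+-------------+-------+-----------+-----------------+
| 5  | tacAdmin | SystemAdmin | GROUP | TACACS    | 10.37.32.51     |
+----+----------+-------------+-------+-----------+-----------------+
| 1  | user     | SystemAdmin | USER  | HOST      |                 |
+----+----------+-------------+-------+-----------+-----------------+
"""

# Roles this page names as allowed to perform the TACACS configuration task.
PRIVILEGED_ROLES = {"SystemAdmin", "SecurityAdmin"}

def parse_rolemappings(text):
    """Parse the ASCII table into dicts keyed by column header."""
    header, rows = None, []
    for line in text.splitlines():
        line = line.strip()
        if not line.startswith("|"):
            continue  # skip borders, prompts and blank lines
        cells = [c.strip() for c in line.strip("|").split("|")]
        if header is None:
            header = cells  # first data line is the header row
        elif len(cells) == len(header):
            rows.append(dict(zip(header, cells)))
    return rows

def review(rows, approved_tacacs_hosts):
    """Return (privileged, unexpected) findings for TACACS mappings."""
    privileged, unexpected = [], []
    for r in rows:
        if r["Auth Type"] != "TACACS":
            continue  # local (HOST) users are out of scope for this check
        if r["Role"] in PRIVILEGED_ROLES:
            privileged.append((r["Name"], r["Role"], r["Auth Identifier"]))
        if r["Auth Identifier"] not in approved_tacacs_hosts:
            unexpected.append((r["Name"], r["Auth Identifier"]))
    return privileged, unexpected

if __name__ == "__main__":
    # Hypothetical allowlist: the server added in step 1 of this procedure.
    priv, unexp = review(parse_rolemappings(SAMPLE), {"10.24.15.200"})
    print("TACACS roles granting privileged XCO roles:", priv)
    print("Mappings that reference an unapproved server:", unexp)
```

To review a live system, pass the captured output of `efa auth rolemapping show` to `parse_rolemappings` in place of `SAMPLE`.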