user tacacs+
Use this command to add or edit information used for Terminal Access Controller Access-Control System (TACACS+) authentication, a remote authentication protocol used to communicate with an authentication server. The default port for a TACACS+ server is 49. A maximum of 10 remote TACACS+ servers can be configured, and alternative authentication methods can be set for each server. These methods include CHAP, PAP, MS-CHAP, and ASCII. The host name for TACACS+ servers must comply with RFC 1035.
config user tacacs+
    edit {name}
    # Configure TACACS+ server entries.
        set name {string}   TACACS+ server entry name. size[35]
        set server {string}   Primary TACACS+ server CN domain name or IP address. size[63]
        set secondary-server {string}   Secondary TACACS+ server CN domain name or IP address. size[63]
        set tertiary-server {string}   Tertiary TACACS+ server CN domain name or IP address. size[63]
        set port {integer}   Port number of the TACACS+ server. range[1-65535]
        set key {password_string}   Key to access the primary server. size[128]
        set secondary-key {password_string}   Key to access the secondary server. size[128]
        set tertiary-key {password_string}   Key to access the tertiary server. size[128]
        set authen-type {option}   Allowed authentication protocols/methods.
                mschap  MSCHAP.
                chap    CHAP.
                pap     PAP.
                ascii   ASCII.
                auto    Use PAP, MSCHAP, and CHAP (in that order).
        set authorization {enable | disable}   Enable/disable TACACS+ authorization.
        set source-ip {string}   Source IP for communications to TACACS+ server. size[63]
    next
end
Additional information
The following section is for those options that require additional explanation.
authen-type {mschap | chap | pap | ascii | auto}
Authentication method for this TACACS+ server.
mschap: MS-CHAP
chap: Challenge Handshake Authentication Protocol
pap: Password Authentication Protocol
ascii: American Standard Code for Information Interchange, a protocol that represents characters as numerical values.
auto: Uses PAP, MS-CHAP, and CHAP (in that order). This is set by default.
authorization {enable | disable}
Enable or disable (by default) TACACS+ authorization.
key <key>
Key used to access the server.
port <port>
TACACS+ port number for this server. Set the value between 1-65535. The default is set to 49.
secondary-key <key>
Key used to access the second server.
secondary-server <name/ip>
Name or IP address of the second server.
server <name/ip>
Name or IP address of the TACACS+ server.
source-ip <src-ip>
Enter the source IP address for communications to the TACACS+ server.
tertiary-key <key>
Key used to access the third server.
tertiary-server <name/ip>
Name or IP address of the third server.
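The following is an added example, not part of the original reference or of any vendor tooling: a small Python check that reads a `config user tacacs+` block and reports values that conflict with the constraints documented above (RFC 1035 host names, port range 1-65535, the listed authen-type options). The function names are hypothetical, the sample configuration is constructed, and the rule that every configured server should have its matching key set is an assumption of this example.

```python
import ipaddress
import re

AUTHEN_TYPES = {"mschap", "chap", "pap", "ascii", "auto"}
# RFC 1035 label: starts with a letter, ends with a letter or digit, 1-63 chars.
LABEL = re.compile(r"[A-Za-z]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?")
# Constructed sample configuration containing deliberate mistakes.
SAMPLE = '''config user tacacs+
    edit "tac-lab"
        set server "tacacs1.example.net"
        set secondary-server "10.0.0.300"
        set key "constructed-secret"
        set port 70000
        set authen-type mschapv2
    next
end'''

def valid_host(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:  # not an IP address, so it must be an RFC 1035 name
        return all(map(LABEL.fullmatch, host.split(".")))

def parse_entries(text):  # returns {entry name: {option: value}}
    entries, current = {}, None
    for line in text.splitlines():
        parts = line.split(None, 2)
        if len(parts) >= 2 and parts[0] == "edit":
            current = entries.setdefault(" ".join(parts[1:]).strip('"'), {})
        elif len(parts) == 3 and parts[0] == "set" and current is not None:
            current[parts[1]] = parts[2].strip().strip('"')
    return entries

def lint_entry(opts):
    """Return findings for one entry; keys are checked for presence only."""
    found = []
    for prefix in ("", "secondary-", "tertiary-"):
        host = opts.get(prefix + "server")
        if host and not valid_host(host):
            found.append(f"{prefix}server: '{host}' is not an IP address or RFC 1035 name")
        if host and prefix + "key" not in opts:  # assumption: each server needs its key
            found.append(f"{prefix}server: no {prefix}key set")
    port = opts.get("port", "49")  # 49 is the documented default
    if not (port.isdecimal() and 1 <= int(port) <= 65535):
        found.append(f"port: '{port}' is outside 1-65535")
    if opts.get("authen-type", "auto") not in AUTHEN_TYPES:
        found.append(f"authen-type: '{opts['authen-type']}' is not a listed method")
    return found
```

Run `lint_entry` over each value returned by `parse_entries(SAMPLE)`; the constructed sample yields four findings.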