Reference Guide

To specify a TACACS+ server host and configure its communication parameters, use the following
command in the CONFIGURATION mode:
To specify multiple TACACS+ server hosts, configure the tacacs-server host command multiple times. If
multiple TACACS+ server hosts are configured, FTOS attempts to connect with them in the order in which
they were configured.
To view the TACACS+ configuration, use the show running-config tacacs+ command in the EXEC Privilege mode.
To delete a TACACS+ server host, use the no tacacs-server host {hostname | ip-address} command.
freebsd2# telnet 2200:2200:2200:2200:2200::2202
Trying 2200:2200:2200:2200:2200::2202...
Connected to 2200:2200:2200:2200:2200::2202.
Escape character is '^]'.
Login: admin
Password:
FTOS#
FTOS#
!-The prompt is returned as the connection is authenticated.
Command Authorization
The AAA command authorization feature configures FTOS to send each configuration command to a
TACACS server for authorization before it is added to the running configuration.
By default, the AAA authorization commands configure the system to check both EXEC mode and
CONFIGURATION mode commands. Use the command no aaa authorization config-commands to enable
only EXEC mode command checking.
Command Syntax: tacacs-server host {hostname | ipv4-address | ipv6-address} [port port-number] [timeout seconds] [key key]
Command Mode: CONFIGURATION
Purpose: Enter the host name or IP address of the TACACS+ server host. Configure the optional
communication parameters for the specific host:
  port port-number range: 0 to 65335. Enter a TCP port number. The default is 49.
  timeout seconds range: 0 to 1000. Default is 10 seconds.
  key key: Enter a string for the key. The key can be up to 42 characters long. This key must match a
  key configured on the TACACS+ server host. This parameter should be the last parameter configured.
If these optional parameters are not configured, the default global values are applied.
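
The following Python check is an added example, not part of the guide: it validates tacacs-server host lines against the syntax, ranges and key rules in the table above and returns the hosts in configured order, which is the order FTOS tries them. The function names and the sample configuration are constructed for illustration, and the key is assumed to be a single token without spaces.

```python
import ipaddress
# Limits as printed in the guide's table for "tacacs-server host".
LIMITS = {"port": (0, 65335), "timeout": (0, 1000)}
DEFAULTS = {"port": 49, "timeout": 10}
KEY_MAX_LEN = 42

def host_kind(host):  # classify the host argument as ipv4, ipv6 or hostname
    try:
        return "ipv%d" % ipaddress.ip_address(host).version
    except ValueError:
        return "hostname"

def parse_host_line(line):
    """Return (entry, problems) for one 'tacacs-server host' command line."""
    tokens = line.split()
    if tokens[:2] != ["tacacs-server", "host"] or len(tokens) < 3:
        return None, ["not a tacacs-server host command"]
    entry = {"host": tokens[2], "kind": host_kind(tokens[2]), "key": None, **DEFAULTS}
    problems, rest = [], tokens[3:]
    for i in range(0, len(rest), 2):
        word, value = rest[i], rest[i + 1] if i + 1 < len(rest) else None
        if word not in ("port", "timeout", "key") or value is None:
            problems.append(f"cannot parse parameter '{word}'")
            break
        if word == "key":
            entry["key"] = value
            if len(value) > KEY_MAX_LEN:
                problems.append(f"key exceeds {KEY_MAX_LEN} characters")
            if rest[i + 2:]:  # the guide says key should be configured last
                problems.append("key is not the last parameter")
            break
        lo, hi = LIMITS[word]
        if value.isdigit() and lo <= int(value) <= hi:
            entry[word] = int(value)
        else:
            problems.append(f"{word} {value} is outside {lo} to {hi}")
    return entry, problems

def audit(config_text):
    """Parse every host line, keeping configured order (the connection order)."""
    lines = [ln.strip() for ln in config_text.splitlines()]
    return [parse_host_line(ln) for ln in lines if ln.startswith("tacacs-server host")]

# Constructed sample configuration (not from the guide).
SAMPLE = """\
tacacs-server host 10.0.0.5 port 49 timeout 5 key s3cret
tacacs-server host 2001:db8::10 key s3cret timeout 70000
tacacs-server host tac.example.net timeout 2000
"""
```

Calling audit(SAMPLE) reports the second line for placing key before timeout and the third for a timeout outside the documented range; unset parameters keep the per-host defaults from the table.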