Switch User Manual

ManualsBrandsEnterasys Networks ManualsSwitchSECURESTACK 9034313-07

841

842

843

844

845

846

847

848

849

850

set tacacs session TACACS+ Configuration

SecureStack C3 Configuration Guide 27-7

set tacacs session

UsethiscommandtoenableordisableTA CACS+sessionaccounting,ortoconfigureTACACS+

sessionauthorizationparameters.Forsimplicity,separatesyntaxformatsareshownfor

configuringsessionaccountingandsessionauthorization.

Syntax

set tacacs session accounting {enable | disable}

set tacacs session authorization {service name | read-only attribute value |

read-write attribute value | super-user attribute value}

Parameters

Defaults

None.

Mode

Switchcommand,Read‐Write.

Usage

Whensessionaccountingisenabled,theTACACS+serverwilllogaccountinginformation,suchas

startandstoptimes,IPaddressoftheclient,andsoforth,foreachauthorizedclientsession.

WhentheTACACS+clientisenabledontheswitch(withthesettacacsenablecommand),the

sessionauthorizationparametersconfigured

withthiscommandaresentbytheclienttothe

TACACS+serverwhenasessionisinitiatedontheswitch.Theparametervaluesmustmatcha

serviceandaccesslevelattribute‐valuepairsconfiguredontheserverforthesessiontobe

authorized.Iftheparametervaluesdonotmatch,the

sessionwillnotbeallowed.

accounting SpecifiesthatTACACS+sessionaccountingisbeingconfigured.

enable|disable EnablesordisablesTACACS+sessionaccounting.

authorization SpecifiesthatTACACS+sessionauthorizationisbeingconfigured.

servicename SpecifiesthenameoftheservicethattheTA CACS+ clientwillrequest

fromtheTACACS+server.Thenamespecifiedhere

mustmatchthe

nameofaserviceconfiguredontheserver.Thedefaultservicenameis

exec.

read‐onlyattribute

value

Specifiesthattheread‐onlyaccessprivilegelevelshouldbematchedto

aprivilegelevelconfiguredontheTACACS+serverbymeansofan

attribute‐valuepairspecifiedbyattribute

andvalue.

Bydefault,attributeis“priv‐lvl”andvalueis0.

read‐writeattribute

value

Specifiesthattheread‐writeaccessprivilegelevelshouldbematchedto

aprivilegelevelconfiguredontheTACACS+serverbymeansofan

attribute‐valuepairspecifiedbyattributeandvalue.

Bydefault,attributeis

“priv‐lvl”andvalueis1.

super‐userattribute

value

Specifiesthatthesuper‐useraccesspriv ilegelevelshouldbematchedto

aprivilegelevelconfiguredontheTACACS+serverbymeansofan

attribute‐valuepairspecifiedbyattributeandvalue.

Bydefault,attributeis“priv‐lvl”andvalueis

15.