Specifications
Configuring TACACS+
December 2, 2010 Page 3 of 7
Configuring TACACS+
Default Settings
Table 1liststheTACACS+parameters(asdisplayedthroughtheshow tacacscommand)and
theirdefaultvalues.
Table 1 TACACS+ Parameters
Parameter Description Default Value
TACACS+ state Whether the TACACS+ client is enabled or disabled. Disabled
TACACS+ service The name of the service that is requested by the
TACACS+ client for session authorization.
exec
TACACS+ session
authorization A-V
pairs
The attribute-value pairs that are mapped to the
read-only, read-write, and super-user access privilege
levels for the service requested for session
authorization.
read-only: “priv-lvl”, 0
read-write: “priv-lvl”, 1
super-user: “priv-lvl”, 15
TACACS+ session
accounting state
The TACACS+ client sends session accounting
information, such as start and stop times, to a TACACS+
server for logging.
Disabled
TACACS+ command
authorization state
The TACACS+ client checks with a TACACS+ server
whether each command is permitted for that authorized
session.
Disabled
TACACS+ command
accounting state
The TACACS+ client sends command accounting
information, such as the command string and IP address
of the remote user, to a TACACS+ server for logging.
Disabled
TACACS+
singleconnect state
The TACACS+ client sends multiple requests to a
TACACS+ server over a single TCP connection.
Disabled
TACACS+ Server
Timeout
The period of time (in seconds) the device waits for a
response from the TACACS+ server before it times out
and declares an error.
10 seconds