Specifications

ManualsBrandsEnterasys ManualsComputer equipmentN Standalone (NSA) Series

361

362

363

364

365

366

367

368

369

370

Configuring TACACS+

December 2, 2010 Page 4 of 7

Basic TACACS+ Configuration

Procedure 1describesthebasicstepstoconfigureTACACS+onEnterasysdevices.Itassumesthat

youhavegatheredthenecessaryTACACS+serverinformation,suchastheserver’sIPaddress,the

TCPporttouse,sharedsecret,theauthorizationservicename,andaccesslevelattribute‐value

pairs.

Note: You must be logged in to the Enterasys device with read-write access rights to use the

commands shown in this procedure.

Procedure 1 TACACS+ Configuration

Step Task Command(s)

1. Enable the TACACS+ client.

To disable the TACACS+ client, use the set tacacs

disable command.

set tacacs enable

2. Configure the TACACS+ servers, up to a maximum of

eight, to be used by the TACACS+ client. Define the

IP address, TCP port, and secret for each server.

Optionally, change the timeout for each server from

the default, 10 seconds. Possible timeout values are

1–30 seconds.

To remove one or all configured TACACS+ servers, or

return the timeout value to its default value for one or

all configured TACACS+ servers, use the clear

tacacs server {all | index} [timeout] command.

set tacacs server {index [ipaddress port

secret]] | all timeout seconds}

3. Optionally, enable session accounting.

To disable TACACS+ session accounting, use the set

tacacs session accounting disable command.

set tacacs session accounting enable

Optionally, configure the TACACS+ session

authorization service or access level. The default

service name is “exec.”

Refer to Table 1 on page 3 for the default values of

the access level attribute-value pairs.

To return the TACACS+ session authorization

settings to their default values, use the clear tacacs

session authorization {[service] [read-only]

[read-write] [superuser]} command.

set tacacs session {authorization

service name | read-only attribute value |

read-write attribute value | super-user

attribute value}

5. Optionally, enable per-command accounting.

To disable TACACS+ accounting on a per-command

basis, use the set tacacs command accounting

disable command.

set tacacs command accounting enable

6. Optionally, enable per-command authorization.

To disable TACACS+ authorization on a

per-command basis, use the set tacacs command

authorization disable command.

set tacacs command authorization

enable