Specifications

Configuring TACACS+

December 2, 2010 Page 5 of 7

Refertothedevice’sCLIReferenceorConfigurationGuide,asappropriate,formoreinformation

abouteachcommand.

Example TACACS+ Configuration

InthefollowingconfigurationexampleonanS‐Seriesdevice,theTACACS+serverisdefinedas

havingtheIPaddress192.168.10.10.TheTCPportissetto49,whichisthestandardTACACS+ 

TCPport.Theauthorizationserviceissetto“basic”andtheread‐writeaccessprivilegeissetto

5.

Sessionandcommandaccountingareenabled,asiscommandauthorization.AsingleTCP

connectionwillbeusedforallTACACS+communicationwith192.168.10.10.Finally,theprimary

S Chassis(rw)->set tacacs enable

S Chassis(rw)->set tacacs server 1 192.168.10.10 49 mysecret

S Chassis(rw)->set tacacs session accounting enable

S Chassis(rw)->set tacacs session authorization service basic

S Chassis(rw)->set tacacs session authorization read-write priv-lvl 5

S Chassis(rw)->set tacacs command accounting enable

S Chassis(rw)->set tacacs command authorization enable

S Chassis(rw)->set tacacs singleconnect enable

S Chassis(rw)->set authentication login tacacs

7. Optionally, enable the TACACS+ client to send

multiple requests to the server over a single TCP

connection.

To disable the use of a single TCP connection, use

the set tacacs singleconnect disable command.

set tacacs singleconnect enable

8. If not already configured, set the primary login

authentication method to TACACS+.

set authentication login tacacs

Procedure 1 TACACS+ Configuration (continued)

Step Task Command(s)