User guide
3-20 ExtremeWare Software User Guide
Managing the Switch
Configuring TACACS+
Terminal Access Controller Access Control System Plus (TACACS+) is a mechanism for
providing authentication, authorization, and accounting on a centralized server, similar
in function to the RADIUS client. The ExtremeWare version of TACACS+ is used to
authenticate prospective users who are attempting to administer the switch. TACACS+
is used to communicate between the switch and an authentication database.
You cannot use RADIUS and TACACS+ at the same time.
You can configure two TACACS+ servers, specifying the primary server address,
secondary server address, and UDP port number to be used for TACACS+ sessions.
Table 3-3 describes the commands that are used to configure TACACS+.
Table 3-3: TACACS+ Commands

Command:
  config tacacs [primary | secondary] server [<ipaddress> | <hostname>] {<udp_port>} client-ip <ipaddress>
Description:
  Configure the server information for a TACACS+ server. Specify the following:
  ■ primary | secondary — Specifies primary or secondary server configuration. To remove a server, use the address 0.0.0.0.
  ■ <ipaddress> | <hostname> — Specifies the TACACS+ server.
  ■ <udp_port> — Optionally specifies the UDP port to be used.
  ■ client-ip — Specifies the IP address used by the switch to identify itself when communicating with the TACACS+ server.

Command:
  config tacacs [primary | secondary] shared-secret {encrypted} <string>
Description:
  Configures the shared secret string used to communicate with the TACACS+ server.

Command:
  config tacacs-accounting [primary | secondary] server [<ipaddress> | <hostname>] {<udp_port>} client-ip <ipaddress>
Description:
  Configures the TACACS+ accounting server. You can use the same server for accounting and authentication.

Command:
  config tacacs-accounting [primary | secondary] shared-secret {encrypted} <string>
Description:
  Configures the shared secret string used to communicate with the TACACS+ accounting server.

Command:
  disable tacacs
Description:
  Disables TACACS+.
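
The following is an added example, not part of the original guide or of ExtremeWare: a small Python check that reads saved configuration lines written in the Table 3-3 syntax and reports servers with no shared secret, secrets entered without the encrypted keyword, and a missing secondary server. The function name, the sample lines and addresses, and the reading of encrypted as "not stored in cleartext" are assumptions.

```python
import re

# Patterns follow the command syntax in Table 3-3.
SERVER_RE = re.compile(r"^config (tacacs|tacacs-accounting) (primary|secondary) "
                       r"server (\S+)(?: (\d+))? client-ip (\S+)$")
SECRET_RE = re.compile(r"^config (tacacs|tacacs-accounting) (primary|secondary) "
                       r"shared-secret (encrypted )?(\S+)$")

# Constructed sample; addresses are from the 192.0.2.0/24 documentation range.
SAMPLE = """\
config tacacs primary server 192.0.2.10 client-ip 192.0.2.1
config tacacs primary shared-secret encrypted EXAMPLEONLY
config tacacs-accounting primary server 192.0.2.10 client-ip 192.0.2.1
config tacacs-accounting primary shared-secret labsecret
config tacacs-accounting secondary server 192.0.2.11 client-ip 192.0.2.1
config tacacs-accounting secondary server 0.0.0.0 client-ip 192.0.2.1
"""

def audit_tacacs(config_text):
    """Return sorted findings for the TACACS+ lines of a saved configuration."""
    servers, secrets, findings = {}, {}, []
    for raw in config_text.splitlines():
        line = " ".join(raw.split())          # trim and collapse whitespace
        m = SERVER_RE.match(line)
        if m:
            service, role, addr = m.group(1), m.group(2), m.group(3)
            if addr == "0.0.0.0":             # Table 3-3: 0.0.0.0 removes a server
                servers.pop((service, role), None)
            else:
                servers[(service, role)] = addr
            continue
        m = SECRET_RE.match(line)
        if m:
            # Assumption: 'encrypted' means the string is not stored in cleartext.
            secrets[(m.group(1), m.group(2))] = bool(m.group(3))
    for (service, role) in servers:
        if (service, role) not in secrets:
            findings.append(f"{service} {role}: server has no shared-secret")
        elif not secrets[(service, role)]:
            findings.append(f"{service} {role}: shared-secret lacks 'encrypted'")
    for service in ("tacacs", "tacacs-accounting"):
        if (service, "primary") in servers and (service, "secondary") not in servers:
            findings.append(f"{service}: no secondary server configured")
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit_tacacs(SAMPLE):
        print(finding)
```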