User's Manual
10.5 TACACS+ Configuration Example
This section includes the following TACACS+ configuration examples.
10.5.1 TACACS+ Authentication Examples
The following example configures login authentication through TACACS+:
aaa authentication login test group tacacs+ local
tacacs-server host 1.2.3.4
tacacs-server key testkey
line vty 0
login authentication test
In this example:
The aaa authentication command defines the authentication method table test, which is used on vty 0. The
keyword tacacs+ means that authentication is processed by TACACS+. If TACACS+ does not respond during
authentication, the keyword local indicates that the local database on the network access server is used instead.
The tacacs-server host command sets the TACACS+ server’s IP address to 1.2.3.4. The tacacs-server key
command defines the shared secret key used for encryption as testkey.
The following example configures TACACS+ as the security protocol for login authentication, using the
method table default instead of test:
aaa authentication login default group tacacs+ local
tacacs-server host 1.2.3.4
tacacs-server key goaway
In this example:
The aaa authentication command defines the default authentication method table, default, used during login
authentication. If authentication is required, the keyword tacacs+ means that authentication is by TACACS+.
If TACACS+ does not respond, the keyword local indicates that the local database on the network access
server is used for authentication.
The tacacs-server host command sets the TACACS+ server program’s IP address to 1.2.3.4. The
tacacs-server key command defines the shared secret key used for encryption as goaway.
10.5.2 TACACS+ Authorization Examples
aaa authentication login default group tacacs+ local
aaa authorization exec default group tacacs+
tacacs-server host 10.1.2.3
tacacs-server key goaway
In this example:
The aaa authentication command defines the default authentication method table, default, used during login
authentication. If authentication is required, the keyword tacacs+ means that authentication is by TACACS+.
If TACACS+ does not respond, the keyword local indicates that the local database on the network access
server is used for authentication.
The aaa authorization command performs network service authorization through TACACS+.
The tacacs-server host command sets the TACACS+ server’s IP address to 10.1.2.3. The tacacs-server key
command defines the shared secret key used for encryption as goaway.
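The following Python check is an added example and is not part of this manual or the device software. It reviews a configuration written with the command forms shown in this section and reports mistyped commands, a login method table that has nothing after tacacs+, a missing server host or key, and a line bound to a method table that was never defined. The names audit, PATTERNS and BAD are hypothetical, and the sample configuration is constructed.

```python
import re

# Command forms taken from this section's examples; anything else is reported.
PATTERNS = {
    "authn": r"aaa authentication login (\S+) (.+)",
    "authz": r"aaa authorization exec (\S+) (.+)",
    "host": r"tacacs-server host (\S+)",
    "key": r"tacacs-server key (\S+)",
    "line": r"line vty (\d+)",
    "bind": r"login authentication (\S+)",
}

def audit(config):
    """Hypothetical helper: return a list of findings for one configuration."""
    seen, findings = {name: [] for name in PATTERNS}, []
    for number, raw in enumerate(config.splitlines(), 1):
        cmd = raw.strip()
        if not cmd:
            continue
        for name, pattern in PATTERNS.items():
            match = re.fullmatch(pattern, cmd)
            if match:
                seen[name].append(match.groups())
                break
        else:  # no known command form matched this line
            findings.append(f"line {number}: unrecognized command {cmd!r}")
    # "group tacacs+ local" -> ["tacacs+", "local"], in the order they are tried
    tables = {t: [m for m in ms.split() if m != "group"] for t, ms in seen["authn"]}
    if any("tacacs+" in ms.split() for _, ms in seen["authn"] + seen["authz"]):
        for what in ("host", "key"):
            if not seen[what]:
                findings.append(f"tacacs+ is used but no tacacs-server {what} is set")
    for table, methods in tables.items():
        if methods[-1:] == ["tacacs+"]:
            findings.append(f"table {table!r}: nothing to fall back to after tacacs+")
    for (table,) in seen["bind"]:
        if table not in tables:
            findings.append(f"login authentication {table!r}: table is not defined")
    return findings

# Constructed sample: mistyped command, no key, no fallback, misspelled table name.
BAD = """\
aaa authentication login test group tacacs+
tacacs -server host 1.2.3.4
line vty 0
login authentication tset"""

if __name__ == "__main__":
    print("\n".join(audit(BAD)))
```

The fallback check is applied only to login authentication tables, because the authorization example in this section lists tacacs+ alone.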