Configure the TACACS Scheme
To configure the TACACS scheme, it is necessary to configure the key parameters of the server.
Configuration Condition
None
Configure the TACACS Server
For AAA to use the TACACS method for authentication, authorization and accounting, the parameters of the TACACS server must be configured, including the server IP address, shared key, server port number and other configuration information.
The TACACS server group can then be used to authenticate, authorize and account for users by referencing the server group name when configuring the method.
Table 11-17 Configure the TACACS server
| Step | Command | Description |
| --- | --- | --- |
| Enter the global configuration mode | configure terminal | - |
| Configure the TACACS server group name (the command also enters the TACACS server group configuration mode) | aaa server group tacacs group-name | Mandatory. By default, no TACACS server group name is configured. |
| Configure the TACACS server | server { ip-address \| ipv6 ip-address } [ port port-num ] [ priority priority ] { key [ 0 \| 7 ] key } | Mandatory. By default, no member server is configured in the TACACS server group. |
| Configure the response timeout of the TACACS server | timeout timeout | Optional. By default, the timeout for waiting for the TACACS server response is 5s. |
| Configure the VRF attribute of the TACACS server group | ip vrf forwarding vrf-name | Optional. By default, the TACACS server group belongs to the global VRF. |
- You can execute the command server { ip-address | ipv6 ip-address } [ port port-num ] [ priority priority ] { key [ 0 | 7 ] key } multiple times to configure multiple TACACS servers in the TACACS server group. The device selects the server for authentication according to the configuration order. When one server fails, the device automatically selects the next server.
- The shared keys configured on the device and the TACACS server must be consistent.
Configure the Source Address for Sending TACACS Packets
Table 11-18 Configure the source address for sending TACACS packets
| Step | Command | Description |
| --- | --- | --- |
| Enter the global configuration mode | configure terminal | - |
| Configure the interface used as the TACACS source address | ip tacacs source-interface interface-name [ vrf vrf-name ] | Optional. By default, the device automatically selects the source interface. |