[TACACS+ Server Menu] prisrv - Set primary TACACS+ server address secsrv - Set secondary TACACS+ server address secret - Set primary TACACS+ server secret secret2 - Set secondary TACACS+ server secret port - Set TACACS+ TCP port retries - Set TACACS+ server retries timeout - Set TACACS+ server timeout (seconds) clogname - Display accounting log name clog - Enable/disable TACACS+ command logging secbd - Enable/disable TACACS+ secure backdoor for telnet/ssh/http cmap - Enable/disable TACACS+ new privilege level mapping cauth - Enable/disable TACACS+ command authorization otp - Enable/disable TACACS+ server OTP configuration local - Set local Authentication priority on - Turn TACACS+ authentication ON off - Turn TACACS+ authentication OFF cur - Display current TACACS+ configuration |
Command Syntax and Usage | |
---|---|
prisrv <IP address (v4 or v6)> | |
Defines the primary TACACS+ server address. The following prompts appear when using this command: Current primary TACACS+ server: Enter new primary TACACS+ server (v4 or v6): | |
secsrv <IP address (v4 or v6)> | |
Defines the secondary TACACS+ server. The following prompts appear when using this command: Enter new secondary TACACS+ server (v4 or v6): Secondary TACACS+ server address. | |
secret <1-32 character secret> | |
This is the shared secret between Alteon and the primary TACACS+ servers. | |
secret2 <1-32 character secret> | |
This is the shared secret between Alteon and the secondary TACACS+ servers. | |
port <TACACS+ port configure, default 49> | |
Enter the number of the TCP port to be configured. Values: 1 – 65000 Default: 49 | |
retries <TACACS+ server retries, 1-3> | |
Sets the number of failed authentication requests before switching to a different TACACS+ server. Default: 3 requests | |
timeout <TACACS+ server timeout seconds, 1-15> | |
Sets the time before a TACACS+ server authentication attempt is considered to have failed. Default: 4 seconds | |
secbd disable|enable | |
Enables or disables the TACACS secure backdoor. ![]() - notacacs can login via CLI using the pre-defined users passwords (see user/slbview/slboper/l4oper/oper/slbadmin/l4admin/admin) gaining the functionality available for the role of the accessed user. No Web UI access is available. ![]() Default: disabled | |
cmap disable|enable | |
Specifies whether to enable TACACS+ new privilege level mapping. When enabled, the privilege level is increased from 0 – 9 to 0 – 22. Default: disabled | |
cauth disable|enable | |
Enables or disables TACACS+ command authorization. Note: Command authorizations are supported only on CLI commands. (The list of authorized CLI commands are defined at the TACACS+ server.) | |
otp disable|enable | |
Enables or disables the TACACS+ server’s One Time Password (OTP) configuration. TACACS+ supports OTP when the server type attribute is received. Default: disabled | |
clog disable|enable | |
Enables or disables TACACS+ command logging. When enabled, Alteon sends command log messages to the TACACS+ server when configured by user. | |
local | |
Specifies that Alteon should first search for the user in the Local User Table, and only if not found/authenticated there to connect to the remote authentication server. Values: disable, enable Default: disable | |
on | |
Enables the TACACS+ server | |
off | |
Disables the TACACS+ server | |
cur | |
Displays the current TACACS+ configuration parameters. |