Tacacs+ authentication configuration commands, Tacacs+ authentication configuration commands -120 – Netopia CLI 874 User Manual

Page 132

2-120 Command Line Interface Commands Reference

radius-server { 1 | 2 } { ip-address | hostname } [ secret secret ]
no radius-server { 1 | 2 }
show radius-server [ 1 | 2 ]

These commands allow you to specify, delete, or show a RADIUS server either by using an IP address in
dotted-quad notation or by using a hostname to be resolved using the Domain Name System (DNS) information
configured in the router. In addition to specifying the ser ver’s IP address or hostname, you must also specify a
shared-secret known to both the router and the RADIUS ser ver. The secret is used to encr ypt RADIUS
transactions in transit.

radius identifier identifier

This command allows you to specify the RADIUS identifier as either an IP address in dotted-quad notation (to be
used as the value of the NAS-IP-Address (4) attribute), or an arbitrar y string (to be used as the value of the
NAS-Identifier (32) attribute), in the router’s outgoing Access-Request packets. The RADIUS identifier is limited
to 63 characters.

TACACS+ Authentication Configuration Commands

Note:

The commands in this section are suppor ted beginning with firmware version 8.4, and supplement the

RADIUS ser ver commands in the previous section.

This command sets the remote authentication protocol to RADIUS or TACACS+ and selects the ordering of the
security database lookup.

remote-server { index } { host } secret key

This command sets up the primar y and alternate authentication ser vers. It applies to both RADIUS and
TACACS+. The radius-server command is retained for backward compatibility. If the remote authentication
protocol is set to RADIUS, show config will display "radius-ser ver…” rather than “remote-ser ver…”

TACACS+ Authentication Configuration Commands

remote-server { index } { host } secret key

tacacs-plus accounting [ yes | no ]