
Allied Telesis AlliedWare Plus Operating System Version 5.4.4C (x310-26FT,x310-26FP,x310-50FT,x310-50FP) User Manual

TACACS+ Introduction and Configuration

Software Reference for x310 Series Switches

AlliedWare Plus™ Operating System - Version 5.4.4C

C613-50046-01 REV A

Define the method list for TACACS+ login authentication

awplus(config)# aaa authentication login {default|<list-name>} {[local] [group {radius|tacacs+|<group-name>}]}

This method list defines the AAA server type used for login
authentication. The server types are always used in the order
specified with this command. If the first server in the method
list is unreachable, the switch sends the request to the next
server in the list. If the authentication server denies the
authentication request because of an incorrect username or
password, then the user login fails.

Define the method list for TACACS+ enable password authentication

awplus(config)# aaa authentication enable default group tacacs+ [local] [none]

This method list defines the authentication method used to
determine the privilege command level a user can access.
These two options apply if the TACACS+ server goes offline or
is not reachable during enable password authentication:
specify local to use the locally configured enable password,
or none to grant access to Privileged Exec mode with no
authentication.

Define the method for TACACS+ login accounting

awplus(config)# aaa accounting login {default|<list-name>} {start-stop|stop-only|none} {group {radius|tacacs+|<group-name>}}

You can only define one method for login accounting, either
RADIUS or TACACS+. Specify start-stop to send both start and
stop login accounting records, stop-only to send only stop
login accounting records, or none to disable the sending of
login accounting records.

Configure TACACS+ command accounting

awplus(config)# aaa accounting commands <1-15> default stop-only group tacacs+

TACACS+ command accounting is configured per privilege
level and only commands of the specified privilege level are
accounted. Therefore, if you require that all commands are
accounted to the TACACS+ server, you must configure
command accounting for each privilege level separately.
Commands are accounted to the TACACS+ server after they
have successfully executed.

Troubleshooting TACACS+

awplus(config)# show tacacs+

Display the current TACACS+ server configuration and status.

awplus# debug aaa authentication

Enable debug output for TACACS+ authentication.

awplus# debug aaa authorization

Enable debug output for TACACS+ authorization.

awplus# debug aaa accounting

Enable debug output for TACACS+ accounting.

Table 48-1: General configuration procedure for TACACS+ authentication and accounting (cont.)
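
An added example, not part of the Allied Telesis manual: a small Python audit that reads a switch configuration and reports the points this procedure turns on (default login method order, the enable fallback, the login accounting mode, and privilege levels that have no command accounting). It assumes the saved configuration stores each AAA line in the same form as the command syntax shown above; the sample configuration and the audit_aaa name are constructed for illustration.

```python
# Constructed sample configuration (not from the manual). Assumption: the
# switch stores AAA lines in the same form as the command syntax on this page.
SAMPLE_CONFIG = """\
aaa authentication login default group tacacs+ local
aaa authentication enable default group tacacs+ none
aaa accounting login default start-stop group tacacs+
aaa accounting commands 1 default stop-only group tacacs+
aaa accounting commands 15 default stop-only group tacacs+
"""

ALL_LEVELS = set(range(1, 16))  # privilege levels, per the <1-15> range


def audit_aaa(config_text):
    """Summarise the TACACS+ AAA settings found in config_text."""
    findings = {"login_methods": [], "enable_fallback": None,
                "login_accounting": None}
    accounted = set()
    for line in config_text.splitlines():
        w = line.split()
        if w[:4] == ["aaa", "authentication", "login", "default"]:
            # Server types are used in the order listed; drop the "group" keyword.
            findings["login_methods"] = [m for m in w[4:] if m != "group"]
        elif w[:3] == ["aaa", "authentication", "enable"]:
            methods = w[4:]
            # "none" grants Privileged Exec with no authentication when the
            # TACACS+ server is unreachable; "local" uses the enable password.
            if "none" in methods:
                findings["enable_fallback"] = "none"
            elif "local" in methods:
                findings["enable_fallback"] = "local"
            else:
                findings["enable_fallback"] = "tacacs+ only"
        elif w[:3] == ["aaa", "accounting", "login"] and len(w) > 4:
            findings["login_accounting"] = w[4]  # start-stop|stop-only|none
        elif (w[:3] == ["aaa", "accounting", "commands"]
              and len(w) > 3 and w[3].isdigit()):
            accounted.add(int(w[3]))  # accounting is per privilege level
    # Levels with no "aaa accounting commands" line are not accounted at all.
    findings["missing_command_levels"] = sorted(ALL_LEVELS - accounted)
    return findings


if __name__ == "__main__":
    for key, value in audit_aaa(SAMPLE_CONFIG).items():
        print(f"{key}: {value}")
```
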