beautypg.com

9 tacacs+ commands, 1 tacacs-server host, 2 tacacs-server key – Kontron AT8904 CLI User Manual

Page 283: 9 tacacs+ commands - 29, Tacacs-server host - 29, Tacacs-server key - 29, At8904m management commands

background image

AT8904M

Management Commands

Page 6 - 29

AT8904M CLI Reference Manual

attributes or unknown types are not included as malformed access
responses.

Bad Authenticators

The number of RADIUS Access-Response packets containing

invalid authenticators or signature attributes received from this server.

Pending Requests

The number of RADIUS Access-Request packets destined for this

server that have not yet timed out or received a response.

Timeouts

The number of authentication timeouts to this server.

Unknown Types

The number of RADIUS packets of unknown types, which were

received from this server on the authentication port.

Packets Dropped

The number of RADIUS packets received from this server on the

authentication port and dropped for some other reason.

6.9

TACACS+ Commands

TACACS+ provides access control for networked devices via one or more centralized

servers. Similar to RADIUS, this protocol simplifies authentication by making use of a

single database that can be shared by many clients on a large network. TACACS+ is

based on the TACACS protocol (described in RFC1492) but additionally provides for

separate authentication, authorization, and accounting services. The original protocol

was UDP based with messages passed in clear text over the network; TACACS+ uses

TCP to ensure reliable delivery and a shared key configured on the client and daemon

server to encrypt all messages.

6.9.1

tacacs-server host

Use the

tacacs-server host

command in Global Configuration mode to configure a

TACACS+ server. This command enters into the TACACS+ configuration mode. The

parameter is the IP address of the TACACS+ server. To specify multiple

hosts, multiple

tacacs-server host

commands can be used.

Format

tacacs-server host

Mode

Global Config

6.9.1.1

no tacacs-server host

Use the

no tacacs-server host

command to delete the specified hostname or IP

address. The parameter is the IP address of the TACACS+ server.

Format

no tacacs-server host

Mode

Global Config

6.9.2

tacacs-server key

Use the

tacacs-server key

command to set the authentication and encryption key for

all TACACS+ communications between the switch and the TACACS+ daemon. The

parameter has a range of 0 - 128 characters and specifies the

authentication and encryption key for all TACACS communications between the

switch and the TACACS+ server. This key must match the key used on the TACACS+

daemon.

Format

tacacs-server key

Mode

Global Config

See also other documents in the category Kontron Hardware: