Configuring tacacs plus – Cabletron Systems SMARTSWITCH ROUTER 9032578-05 User Manual

Chapter 20: Security Configuration Guide

278

SmartSwitch Router User Reference Manual

Configuring TACACS Plus

You can secure login or Enable mode access to the SSR by enabling a TACACS Plus client.
A TACACS Plus server responds to the SSR TACACS Plus client to provide
authentication.

You can configure up to five TACACS Plus server targets on the SSR. A timeout is set to
tell the SSR how long to wait for a response from TACACS Plus servers.

To configure TACACS Plus security, enter the following commands in Configure mode:

Specify a TACACS Plus server.

tacacs-plus set server

Set the TACACS Plus time to wait
for a TACACS Plus server reply.

tacacs-plus set timeout

Determine the SSR action if no
server responds.

tacacs-plus set last-resort
password|succeed

Enable TACACS Plus.

tacacs-plus enable

Cause TACACS Plus
authentication at user login or
when user tries to access Enable
mode.

tacacs-plus authentication login|enable

Cause TACACS Plus
authentication at user login or
when user tries to access Enable
mode.

tacacs-plus authentication login|enable

Logs specified types of command
to TACACS Plus server.

tacacs-plus accounting command level
<

level

>

Logs to TACACS Plus server
when shell is stopped or started
on SSR.

tacacs-plus accounting shell
start|stop|all

Logs to TACACS Plus server
SNMP changes to startup or
active configuration.

tacacs-plus accounting snmp
active|startup

Logs specified type(s) of
messages to TACACS Plus server.

tacacs-plus accounting system
fatal|error|warning|info