3 tacacs+ scenarios typical examples, Tacacs, Cenarios – PLANET XGS3-24040 User Manual

Chapter 51 TACACS+ Configuration

51-2

3. Configure the TACACS+ authentication timeout time

Command

Explanation

Global Mode

tacacs-server timeout

no tacacs-server timeout

Configure the authentication timeout for the

TACACS+ server, the “no tacacs-server

timeout” command restores the default

configuration.

4. Configure the IP address of the TACACS+ NAS

Command

Explanation

Global Mode

tacacs-server nas-ipv4

no tacacs-server nas-ipv4

To configure the source IP address for the

TACACS+ packets for the switch.

51.3 TACACS+ Scenarios Typical Examples

Figure

6-1 TACACS Configuration

A computer connects to a switch, of which the IP address is 10.1.1.2 and connected with a TACACS+

authentication server; IP address of the server is 10.1.1.3 and the authentication port is defaulted at 49, set

telnet log on authentication of the switch as tacacs local, via using TACACS+ authentication server to achieve

telnet user authentication.

Switch(config)#interface vlan 1

Switch(Config-if-vlan1)#ip address 10.1.1.2 255.255.255.0

Switch(Config-if-vlan1)#exit

Switch(config)#tacacs-server authentication host 10.1.1.3

Switch(config)#tacacs-server key test

Switch(config)#authentication login vty tacacs local

10.1.1.1

10.1.1.2

Tacacs Server

10.1.1.3