A Commands

aaa-tacacs-create

Use this command to add a TACACS+ server for authorization and authentication on the network.

Syntax   aaa-tacacs-create

name name-string

Specify the name, up to 60 characters, of the TACACS service.

scope fabric|local

Specify the scope to apply to the TACACS server.

server server-string

Specify the name, up to 60 characters, of the TACACS server.

port port-number

Specify the port that connects to the server. The default port is 49.

secret secret-string

Specify the secret (password) to access the server.

timeout timeout-number

Specify the number of seconds for the server to time out a request. The default value is 10 seconds.

priority priority-number

Specify the priority for the server. The priority can be 1 (highest) to X (lowest priority).

authen|no-authen

Specify if the server authenticates clients on the network.

authen-method pap|chap|ms-chap

Specify the authentication method for clients. PAP, CHAP, and MS-CHAP are supported methods with CHAP as the default method.

sess-acct|no-sess-acct

Specify if you want to use session accounting. The TACACS+ server is notified when a user logs in or out of the network.

cmd-acct|no-cmd-acct

Specify if you want to use command accounting. The TACACS+ server is notified whenever a user, including the network administrator, runs a non-show command.

sess-author|no-sess-author

Specify if you want to use session authorization. The TACACS+ server configured for session authorization determines if a user can initiate a session on the network after logging in.

cmd-author|no-cmd-author

Specify if you want to use command authorization. The TACACS+ server determines if a user can run certain commands on the network.

acct-local|no-acct-local

Specify accounting for local users.

author-local|no-author-local

Specify authorization for local users.

service service-string

Specify the service name used for TACACS+ requests sent from Netvisor to the TACACS+ server for commands run at the Netvisor CLI, and the Java, C, and REST APIs. The default value is shell.

service-shell service-shell-string

Specify the service name used for TACACS+ requests sent from Netvisor to the TACACS+ server for commands run from a UNIX shell.

service-vtysh service-vtysh-string

Specify the service name used for TACACS+ requests sent from Netvisor to the TACACS+ server for commands run from vtysh.

Defaults   None.

Access   CLI

History   

Version 1.2.1

Command introduced.

Version 2.6.0

The parameters acct-local, author-local, service, service-shell, and service-vtysh were added.

Usage   Use this command to allow a TACACS+ server to authenticate and authorize clients on the network. The TACACS+ server can also provide accounting for sessions and commands.

Examples  To add the TACACS+ server, TACserver1, with scope local on port 33 and secret, p@ssw0rd, use the following command:

CLI network-admin@switch > aaa-tacacs-create name TACserver1 scope local port 33 secret p@ssw0rd

To add the authentication method, MS-CHAP, use the following command:

CLI network-admin@switch > aaa-tacacs-create name TACserver1 authen-method ms-chap

aaa-tacacs-delete

This command is used to remove a TACACS+ server from the configuration.

Syntax   aaa-tacacs-delete name name-string

name name-string

Specify the name of the TACACS+ server to remove from the configuration.

Defaults   None.

Access   CLI

History   Command introduced in nvOS Version 1.2.1.

Usage   Use this command to remove a TACACS+ server.

Examples  To remove the TACACS+ server, TACserver1, use the following command:

CLI network-admin@switch > aaa-tacacs-delete name TACserver1

aaa-tacacs-modify

This command is used to modify a TACACS+ server configuration on the network.

Syntax   aaa-tacacs-modify

name name-string

Specify the name of the TACACS service.

Specify one or more of the following options to modify:

scope fabric|local

Specify the scope to apply to the TACACS server.

server server-string

Specify the name of the TACACS server.

port port-number

Specify the port that connects to the server.

secret secret-string

Specify the secret (password) to access the server.

timeout timeout-number

Specify the number of seconds for the server to time out a request. The default value is 10 seconds.

priority priority-number

Specify the priority for the server. The priority can be 1 (highest) to X (lowest priority).

authen|no-authen

Specify if the server authenticates clients on the network.

authen-local|no-authen-local

Specify if the server authentication overrides the local users.

authen-method pap|chap|ms-chap

Specify the authentication method for clients. PAP, CHAP, and MS-CHAP are supported methods.

sess-acct|no-sess-acct

Specify if you want to use session accounting. The TACACS+ server is notified when a user logs in or out of the network.

cmd-acct|no-cmd-acct

Specify if you want to use command accounting. The TACACS+ server is notified whenever a user, including the network administrator, runs a non-show command.

sess-author|no-sess-author

Specify if you want to use session authorization. The TACACS+ server configured for session authorization determines if a user can initiate a session on the network after logging in.

cmd-author|no-cmd-author

Specify if you want to use command authorization. The TACACS+ server determines if a user can run certain commands on the network.

acct-local|no-acct-local

Specify accounting for local users.

author-local|no-author-local

Specify authorization for local users.

service service-string

Specify the service name used for TACACS+ requests sent from Netvisor to the TACACS+ server for commands run at the Netvisor CLI, and the Java, C, and REST APIs. The default value is shell.

service-shell service-shell-string

Specify the service name used for TACACS+ requests sent from Netvisor to the TACACS+ server for commands run from a UNIX shell.

service-vtysh service-vtysh-string

Specify the service name used for TACACS+ requests sent from Netvisor to the TACACS+ server for commands run from vtysh.

Defaults   None.

Access   CLI.

History   

Version 1.2.1

Command introduced.

Version 2.6.0

The parameters acct-local, author-local, service, service-shell, and service-vtysh were added.

Usage   Use this command to modify how a TACACS+ server authenticates and authorizes clients on the network. The TACACS+ server can also provide accounting for sessions and commands.

Examples  To modify the TACACS+ server, TACserver1, and change the secret, p@ssw0rd, to m0nk3ys, use the following command:

CLI network-admin@switch > aaa-tacacs-modify name TACserver1 secret m0nk3ys
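
The following Python script is an added example, not part of the Netvisor documentation. It parses aaa-tacacs-create and aaa-tacacs-modify command lines using the keywords listed in the two syntax sections above and reports settings worth a second look before the change is applied. The sample commands, names and secrets are constructed, and the choice of which disabled flags count as findings is an assumption; only explicitly given settings are judged, because the page states no defaults for the flags.

```python
import shlex

# Keywords taken from the aaa-tacacs-create / aaa-tacacs-modify syntax on this page.
VALUE_PARAMS = {"name", "scope", "server", "port", "secret", "timeout", "priority",
                "authen-method", "service", "service-shell", "service-vtysh"}
FLAGS = {"authen", "authen-local", "sess-acct", "cmd-acct", "sess-author",
         "cmd-author", "acct-local", "author-local"}
COMMANDS = {"aaa-tacacs-create", "aaa-tacacs-modify"}
DISABLED_RISK = {  # explicit "no-" forms treated as findings (an assumption)
    "authen": "server does not authenticate clients",
    "sess-acct": "logins and logouts are not reported to the server",
    "cmd-acct": "non-show commands are not reported to the server",
    "sess-author": "server does not decide who may start a session",
    "cmd-author": "server does not decide which commands a user may run",
}

def parse(line):
    """Return (command, values, flags, unknown); a leading CLI prompt is skipped."""
    tokens = shlex.split(line)
    start = next((i for i, t in enumerate(tokens) if t in COMMANDS), None)
    if start is None:
        raise ValueError("no aaa-tacacs-create or aaa-tacacs-modify command found")
    values, flags, unknown = {}, {}, []
    rest = iter(tokens[start + 1:])
    for tok in rest:
        if tok in VALUE_PARAMS:
            values[tok] = next(rest, None)   # a keyword consumes the next token
        elif tok in FLAGS or (tok.startswith("no-") and tok[3:] in FLAGS):
            flags[tok.removeprefix("no-")] = not tok.startswith("no-")
        else:
            unknown.append(tok)              # a value with no keyword in front of it
    return tokens[start], values, flags, unknown

def audit(line):
    cmd, values, flags, unknown = parse(line)
    findings = [f"stray token {t!r}: value given without its keyword" for t in unknown]
    if cmd == "aaa-tacacs-create" and not values.get("secret"):
        findings.append("secret: no shared secret supplied")
    if values.get("authen-method") == "pap":
        findings.append("authen-method pap: the password itself is sent to the server")
    findings += [f"no-{f}: {w}" for f, w in DISABLED_RISK.items() if flags.get(f) is False]
    return findings

SAMPLES = [  # constructed command lines; name and secret are made up
    "CLI network-admin@switch > aaa-tacacs-create name tac1 scope local port 49 Examp1e-only",
    "aaa-tacacs-modify name tac1 authen-method pap no-cmd-acct no-cmd-author",
    "aaa-tacacs-create name tac1 scope fabric secret Examp1e-only authen-method chap cmd-acct",
]
for sample in SAMPLES:
    print(audit(sample))
```
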

aaa-tacacs-show

Use this command to display the configuration parameters of the TACACS+ server.

Syntax   aaa-tacacs-show

name name-string

Specifies the name of the TACACS service.

scope fabric|local

Specifies the scope to apply to the TACACS server.

server server-string

Specify the name of the TACACS server.

port port-number

Specifies the port that connects to the server.

secret secret-string

Specifies the secret (password) to access the server.

timeout timeout-number

Specifies the number of seconds for the server to time out a request. The default value is 10 seconds.

priority priority-number

Specifies the priority for the server. The priority can be 1 (highest) to X (lowest priority).

authen|no-authen

Specifies if the server authenticates clients on the network.

authen-local|no-authen-local

Specifies if the server authentication overrides the local users.

authen-method pap|chap|ms-chap

Specifies the authentication method for clients. PAP, CHAP, and MS-CHAP are supported methods.

sess-acct|no-sess-acct

Specifies if you use session accounting. The TACACS+ server is notified when a user logs in or out of the network.

cmd-acct|no-cmd-acct

Specifies if you use command accounting. The TACACS+ server is notified whenever a user, including the network administrator, runs a non-show command.

acct-local|no-acct-local

Specify accounting for local users.

sess-author|no-sess-author

Specifies if you use session authorization. The TACACS+ server configured for session authorization determines if a user can initiate a session on the network after logging in.

cmd-author|no-cmd-author

Specifies if you use command authorization. The TACACS+ server determines if a user can run certain commands on the network.

author-local|no-author-local

Specify authorization for local users.

timed-out yes|no

Specifies if the server has timed out.

error-start date/time:yyyy-mm-ddTHH:mm:ss

Specifies the time of first error.

num-errors num-errors-number

Specifies the number of errors.

errors-logged yes|no

Specifies if the errors are logged or not.

service service-string

Specify the service name used for TACACS+ requests sent from Netvisor to the TACACS+ server for commands run at the Netvisor CLI, and the Java, C, and REST APIs. The default value is shell.

service-shell service-shell-string

Specify the service name used for TACACS+ requests sent from Netvisor to the TACACS+ server for commands run from a UNIX shell.

service-vtysh service-vtysh-string

Specify the service name used for TACACS+ requests sent from Netvisor to the TACACS+ server for commands run from vtysh.

Defaults    None.

Access   CLI.

History   

Version 1.2.1

Command introduced.

Version 2.6.0

The parameters acct-local, author-local, service, service-shell, and service-vtysh were added.

Usage   Use this command to display information about a TACACS+ server.

Examples  To display the information about a TACACS+ server, use the following command:

CLI network-admin@switch > aaa-tacacs-show layout vertical

aaa-tacacs-status

This command is used to display the status of the TACACS+ service.

Syntax   aaa-tacacs-status name name-string

name name-string

Specify the name of the TACACS service.

Defaults   None.

Access   CLI

Usage   Use this command to display TACACS status.

Examples  To display the status of tacacs-service, use the following command:

CLI network-admin@switch > aaa-tacacs-status name tacacs-service