A Commands
aaa-tacacs-create
Use this command to add a TACACS+ server for authorization and authentication on the network.
Syntax aaa-tacacs-create
name name-string | Specify the name, up to 60 characters, of the TACACS service.
scope fabric|local | Specify the scope to apply to the TACACS server.
server server-string | Specify the name, up to 60 characters, of the TACACS server.
port port-number | Specify the port that connects to the server. The default port is 49.
secret secret-string | Specify the secret (password) to access the server.
timeout timeout-number | Specify the number of seconds for the server to time out a request. The default value is 10 seconds.
priority priority-number | Specify the priority for the server. The priority can be 1 (highest) to X (lowest priority).
authen|no-authen | Specify if the server authenticates clients on the network.
authen-method pap|chap|ms-chap | Specify the authentication method for clients. PAP, CHAP, and MS-CHAP are supported methods with CHAP as the default method.
sess-acct|no-sess-acct | Specify if you want to use session accounting. The TACACS+ server is notified when a user logs in or out of the network.
cmd-acct|no-cmd-acct | Specify if you want to use command accounting. The TACACS+ server is notified whenever a user, including the network administrator, runs a non-show command.
sess-author|no-sess-author | Specify if you want to use session authorization. The TACACS+ server configured for session authorization determines if a user can initiate a session on the network after logging in.
cmd-author|no-cmd-author | Specify if you want to use command authorization. The TACACS+ server determines if a user can run certain commands on the network.
acct-local|no-acct-local | Specify accounting for local users.
author-local|no-author-local | Specify authorization for local users.
service service-string | Specify the service name used for TACACS+ requests sent from Netvisor to the TACACS+ server for commands run at the Netvisor CLI, and the Java, C, and REST APIs. The default value is shell.
service-shell service-shell-string | Specify the service name used for TACACS+ requests sent from Netvisor to the TACACS+ server for commands run from a UNIX shell.
service-vtysh service-vtysh-string | Specify the service name used for TACACS+ requests sent from Netvisor to the TACACS+ server for commands run from vtysh.
Defaults None.
Access CLI
History
Version 1.2.1 | Command introduced.
Version 2.6.0 | The parameters acct-local, author-local, service, service-shell, and service-vtysh were added.
Usage Use this command to allow a TACACS+ server to authenticate and authorize clients on the network. The TACACS+ server can also provide accounting for sessions and commands.
Examples To add the TACACS+ server, TACserver1, with scope local on port 33 and secret, p@ssw0rd, use the following command:
CLI network-admin@switch > aaa-tacacs-create name TACserver1 scope local port 33 secret p@ssw0rd
To add the authentication method, MS-CHAP, use the following command:
CLI network-admin@switch > aaa-tacacs-create name TACserver1 authen-method ms-chap
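A small linter for aaa-tacacs-create command lines, added here as an example; it is not part of the Netvisor documentation or software. It checks each token against the syntax listed above. The lint function, its review policy (secret present, PAP flagged, command accounting and authorization enabled explicitly) and the sample input are assumptions made for illustration.

```python
import shlex

# Keyword -> value check, from the aaa-tacacs-create syntax on this page.
VALUED = {
    "name": lambda v: 0 < len(v) <= 60,
    "server": lambda v: 0 < len(v) <= 60,
    "scope": lambda v: v in ("fabric", "local"),
    "port": lambda v: v.isdigit() and 1 <= int(v) <= 65535,
    "secret": lambda v: len(v) > 0,
    "timeout": lambda v: v.isdigit(),
    "priority": lambda v: v.isdigit() and int(v) >= 1,
    "authen-method": lambda v: v in ("pap", "chap", "ms-chap"),
    "service": bool, "service-shell": bool, "service-vtysh": bool,
}
FLAGS = ("authen", "sess-acct", "cmd-acct", "sess-author", "cmd-author",
         "acct-local", "author-local")

def lint(command):
    """Return (settings, findings) for one aaa-tacacs-create command line."""
    tokens = shlex.split(command)
    if not tokens or tokens[0] != "aaa-tacacs-create":
        return {}, ["not an aaa-tacacs-create command"]
    settings, findings, i = {}, [], 1
    while i < len(tokens):
        tok = tokens[i]
        bare = tok[3:] if tok.startswith("no-") else tok
        if tok in VALUED:
            value = tokens[i + 1] if i + 1 < len(tokens) else ""
            if not VALUED[tok](value):
                findings.append(f"{tok}: missing or invalid value")
            settings[tok] = value
            i += 2
        elif bare in FLAGS:
            settings[bare] = not tok.startswith("no-")
            i += 1
        else:
            # Never echo the token: a stray value is often the secret itself.
            findings.append(f"token {i}: value without a keyword")
            i += 1
    # Review policy assumed for this example (not a Netvisor requirement).
    if "secret" not in settings:
        findings.append("secret: not set")
    if settings.get("authen-method") == "pap":
        findings.append("authen-method: pap carries the user's password itself")
    for flag in ("cmd-acct", "cmd-author"):
        if settings.get(flag) is not True:
            findings.append(f"{flag}: not explicitly enabled")
    return settings, findings

# Constructed input: the secret is given without its keyword.
SAMPLE = "aaa-tacacs-create name TACserver1 scope local port 33 p@ssw0rd"
```

Run lint over change tickets or provisioning scripts before they reach the switch; findings never include the offending token, so the report itself cannot leak a secret.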
aaa-tacacs-delete
This command is used to remove a TACACS+ server from the configuration.
Syntax aaa-tacacs-delete name name-string
name name-string | Specify the name of the TACACS+ server to remove from the configuration.
Defaults None.
Access CLI
History Command introduced in nvOS Version 1.2.1.
Usage Use this command to remove a TACACS+ server.
Examples To remove the TACACS+ server, TACserver1, use the following command:
CLI network-admin@switch > aaa-tacacs-delete name TACserver1
aaa-tacacs-modify
This command is used to modify a TACACS+ server configuration on the network.
Syntax aaa-tacacs-modify
name name-string | Specify the name of the TACACS service.
Specify one or more of the following options to modify:
scope fabric|local | Specify the scope to apply to the TACACS server.
server server-string | Specify the name of the TACACS server.
port port-number | Specify the port that connects to the server.
secret secret-string | Specify the secret (password) to access the server.
timeout timeout-number | Specify the number of seconds for the server to time out a request. The default value is 10 seconds.
priority priority-number | Specify the priority for the server. The priority can be 1 (highest) to X (lowest priority).
authen|no-authen | Specify if the server authenticates clients on the network.
authen-local|no-authen-local | Specify if the server authentication overrides the local users.
authen-method pap|chap|ms-chap | Specify the authentication method for clients. PAP, CHAP, and MS-CHAP are supported methods.
sess-acct|no-sess-acct | Specify if you want to use session accounting. The TACACS+ server is notified when a user logs in or out of the network.
cmd-acct|no-cmd-acct | Specify if you want to use command accounting. The TACACS+ server is notified whenever a user, including the network administrator, runs a non-show command.
sess-author|no-sess-author | Specify if you want to use session authorization. The TACACS+ server configured for session authorization determines if a user can initiate a session on the network after logging in.
cmd-author|no-cmd-author | Specify if you want to use command authorization. The TACACS+ server determines if a user can run certain commands on the network.
acct-local|no-acct-local | Specify accounting for local users.
author-local|no-author-local | Specify authorization for local users.
service service-string | Specify the service name used for TACACS+ requests sent from Netvisor to the TACACS+ server for commands run at the Netvisor CLI, and the Java, C, and REST APIs. The default value is shell.
service-shell service-shell-string | Specify the service name used for TACACS+ requests sent from Netvisor to the TACACS+ server for commands run from a UNIX shell.
service-vtysh service-vtysh-string | Specify the service name used for TACACS+ requests sent from Netvisor to the TACACS+ server for commands run from vtysh.
Defaults None.
Access CLI.
History
Version 1.2.1 | Command introduced.
Version 2.6.0 | The parameters acct-local, author-local, service, service-shell, and service-vtysh were added.
Usage Use this command to modify how a TACACS+ server authenticates and authorizes clients on the network. The TACACS+ server can also provide accounting for sessions and commands.
Examples To modify the TACACS+ server, TACserver1, and change the secret, p@ssw0rd, to m0nk3ys, use the following command:
CLI network-admin@switch > aaa-tacacs-modify name TACserver1 secret m0nk3ys
aaa-tacacs-show
Use this command to display the configuration parameters of the TACACS+ server.
Syntax aaa-tacacs-show
name name-string | Specifies the name of the TACACS service.
scope fabric|local | Specifies the scope to apply to the TACACS server.
server server-string | Specify the name of the TACACS server.
port port-number | Specifies the port that connects to the server.
secret secret-string | Specifies the secret (password) to access the server.
timeout timeout-number | Specifies the number of seconds for the server to time out a request. The default value is 10 seconds.
priority priority-number | Specifies the priority for the server. The priority can be 1 (highest) to X (lowest priority).
authen|no-authen | Specifies if the server authenticates clients on the network.
authen-local|no-authen-local | Specifies if the server authentication overrides the local users.
authen-method pap|chap|ms-chap | Specifies the authentication method for clients. PAP, CHAP, and MS-CHAP are supported methods.
sess-acct|no-sess-acct | Specifies if you use session accounting. The TACACS+ server is notified when a user logs in or out of the network.
cmd-acct|no-cmd-acct | Specifies if you use command accounting. The TACACS+ server is notified whenever a user, including the network administrator, runs a non-show command.
acct-local|no-acct-local | Specify accounting for local users.
sess-author|no-sess-author | Specifies if you use session authorization. The TACACS+ server configured for session authorization determines if a user can initiate a session on the network after logging in.
cmd-author|no-cmd-author | Specifies if you use command authorization. The TACACS+ server determines if a user can run certain commands on the network.
author-local|no-author-local | Specify authorization for local users.
timed-out yes|no | Specifies if the server has timed out.
error-start date/time:yyyy-mm-ddTHH:mm:ss | Specifies the time of the first error.
num-errors num-errors-number | Specifies the number of errors.
errors-logged yes|no | Specifies if the errors are logged or not.
service service-string | Specify the service name used for TACACS+ requests sent from Netvisor to the TACACS+ server for commands run at the Netvisor CLI, and the Java, C, and REST APIs. The default value is shell.
service-shell service-shell-string | Specify the service name used for TACACS+ requests sent from Netvisor to the TACACS+ server for commands run from a UNIX shell.
service-vtysh service-vtysh-string | Specify the service name used for TACACS+ requests sent from Netvisor to the TACACS+ server for commands run from vtysh.
Defaults None.
Access CLI.
History
Version 1.2.1 | Command introduced.
Version 2.6.0 | The parameters acct-local, author-local, service, service-shell, and service-vtysh were added.
Usage Use this command to display information about a TACACS+ server.
Examples To display the information about a TACACS+ server, use the following command:
CLI network-admin@switch > aaa-tacacs-show layout vertical
aaa-tacacs-status
This command is used to display the status of the TACACS+ service.
Syntax aaa-tacacs-status name name-string
name name-string | Specify the name of the TACACS service.
Defaults None.
Access CLI
Usage Use this command to display TACACS status.
Examples To display the status of tacacs-service, use the following command:
CLI network-admin@switch > aaa-tacacs-status name tacacs-service