aaa-tacacs-create

This command is used to configure TACACS+ services on a switch.

Syntax   aaa-tacacs-create

name name-string

Specify the name for TACACS+ configuration. (up to 60 characters)

scope fabric|local

Specify the scope of TACACS+ configuration.

server server-string

Specify the TACACS+ server name. (up to 60 characters)

port port-number

Specify the TACACS+ communication port. The default port is 49.

secret secret-string

Specify the shared secret (password) for TACACS+.

timeout timeout-number

Specify the number of seconds before communication times out. The default value is 10 seconds.

priority priority-number

Specify the priority for TACACS+. 

authen|no-authen

Specify to enable or disable the authentication.

authen-local|no-authen-local

Specify whether the authentication overrides local users. The no-authen-local parameter overrides local users and gives them access, while authen-local prevents local users from logging in.

authen-method pap|chap|ms-chap

Specify one of the authentication methods: PAP, CHAP, or MS-CHAP.

sess-acct|no-sess-acct

Specify to enable or disable session accounting.

cmd-acct|no-cmd-acct

Specify to enable or disable command accounting.

acct-local|no-acct-local

Specify to enable or disable accounting for local users.

sess-author|no-sess-author

Specify to enable or disable session authorization.

cmd-author|no-cmd-author

Specify to enable or disable command authorization.

author-local|no-author-local

Specify to enable or disable authorization for local users.

service service-string

Specify the service name used for TACACS+ requests sent from NetVisor OS to the TACACS+ server for commands run at the NetVisor CLI and REST APIs. The default service is shell.

service-shell service-shell-string

Specify the TACACS+ service name string for shell commands.

service-vtysh service-vtysh-string

Specify the TACACS+ service name string for vtysh commands.

Defaults   None.

Access   CLI

History   

Version 1.2.1

Command introduced.

Version 2.6.0

The parameters acct-local, author-local, service, service-shell, and service-vtysh were added.

Usage   Use this command to allow a TACACS+ server to authenticate and authorize clients on the network. TACACS+ can also provide accounting for sessions and commands.

Examples   To create a TACACS+ account named tac with local scope and no local authentication privilege, use the command:

CLI (network-admin@switch) > aaa-tacacs-create name tac scope local server server1 authen-local
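
A pre-deployment check for commands written in the syntax above, given here as an added example that is not part of NetVisor OS or its documentation. The function names parse and audit are hypothetical, and the MUST_ENABLE accounting policy is an assumed local audit rule; the keywords, allowed values, length limits and defaults are the ones listed on this page.

```python
import shlex

# Keywords documented on this page that take a value.
VALUED = {"name", "scope", "server", "port", "secret", "timeout", "priority",
          "authen-method", "service", "service-shell", "service-vtysh"}
# Documented switches; each also has a "no-" form.
FLAGS = {"authen", "authen-local", "sess-acct", "cmd-acct", "acct-local",
         "sess-author", "cmd-author", "author-local"}
DEFAULTS = {"port": "49", "timeout": "10", "service": "shell"}  # defaults stated on the page
CHOICES = {"scope": {"fabric", "local"}, "authen-method": {"pap", "chap", "ms-chap"}}
# Assumption: local audit policy, not a vendor requirement.
MUST_ENABLE = ("sess-acct", "cmd-acct")
# The example command from this page, prompt included.
PAGE_EXAMPLE = ("CLI (network-admin@switch) > aaa-tacacs-create "
                "name tac scope local server server1 authen-local")


def parse(line):
    """Turn one aaa-tacacs-create command line into a settings dict."""
    tokens = shlex.split(line)
    if "aaa-tacacs-create" not in tokens:
        raise ValueError("not an aaa-tacacs-create command")
    tokens = tokens[tokens.index("aaa-tacacs-create") + 1:]  # drop the CLI prompt
    cfg, i = dict(DEFAULTS), 0
    while i < len(tokens):
        tok = tokens[i]
        if tok in VALUED:
            if i + 1 == len(tokens):
                raise ValueError(f"{tok} requires a value")
            cfg[tok] = tokens[i + 1]
            i += 2
        elif tok in FLAGS or (tok.startswith("no-") and tok[3:] in FLAGS):
            on = tok in FLAGS  # "no-" form records the switch as disabled
            cfg[tok if on else tok[3:]] = on
            i += 1
        else:
            raise ValueError(f"unknown parameter: {tok}")
    return cfg


def audit(cfg):
    """Return findings: documented-syntax violations first, then policy gaps."""
    findings = [f"{k} exceeds 60 characters" for k in ("name", "server") if len(cfg.get(k, "")) > 60]
    findings += [f"{k} must be one of {sorted(v)}" for k, v in CHOICES.items()
                 if k in cfg and cfg[k] not in v]
    findings += [f"{k} must be a number" for k in ("port", "timeout") if not cfg[k].isdigit()]
    findings += [f"{f} is not explicitly enabled" for f in MUST_ENABLE if cfg.get(f) is not True]
    return findings
```

Run against the page's own example, audit(parse(PAGE_EXAMPLE)) reports that neither session nor command accounting is explicitly enabled, since that command sets only name, scope, server and authen-local.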
