Filter
Top Products
CONFIGURATION mode
tacacs-server host {hostname | ip-address} [port port-number] [timeout
seconds] [key key]
Configure the optional communication parameters for the specific host:
– port port-number: the range is from 0 to 65335. Enter a TCP port number. The default is 49.
– timeout seconds: the range is from 0 to 1000. Default is 10 seconds.
– key key: enter a string for the key. The key can be up to 42 characters long. This key must match
a key configured on the TACACS+ server host. This parameter must be the last parameter you
configure.
If you do not configure these optional parameters, the default global values are applied.
Example of Connecting with a TACACS+ Server Host
To specify multiple TACACS+ server hosts, configure the tacacs-server host command multiple
times. If you configure multiple TACACS+ server hosts, the system attempts to connect with them in the
order in which they were configured.
To view the TACACS+ configuration, use the show running-config tacacs+ command in EXEC
Privilege mode.
To delete a TACACS+ server host, use the no tacacs-server host {hostname | ip-address}
command.
freebsd2# telnet 2200:2200:2200:2200:2200::2202
Trying 2200:2200:2200:2200:2200::2202...
Connected to 2200:2200:2200:2200:2200::2202.
Escape character is '^]'.
Login: admin
Password:
Dell#
Command Authorization
The AAA command authorization feature configures the system to send each configuration command to
a TACACS server for authorization before it is added to the running configuration.
By default, the AAA authorization commands configure the system to check both EXEC mode and
CONFIGURATION mode commands. Use the no aaa authorization config-commands command
to enable only EXEC mode command checking.
If rejected by the AAA server, the command is not added to the running config, and a message displays:
04:07:48: %SYSTEM-P:CP %SEC-3-SEC_AUTHORIZATION_FAIL: Authorization failure
Command
authorization failed for user (denyall) on vty0 ( 10.11.9.209 )
Security
807