TACACS (Terminal Access Controller Access Control System), widely used in network environments, is a client/server protocol that allows remote access servers to communicate with a central server in order to authenticate dial-in users and authorize their access to the requested system or service.
TACACS CLI commands are categorized as follows:
Configuration Commands
This section includes TACACS configuration commands.
tacacs-server host
Command Objective:
This command configures a TACACS+ server entry with its parameters (host, port, timeout, key). It specifies the address of one or more TACACS+ servers, or the names of the IP host or hosts running a TACACS+ server.
Notes: The maximum number of TACACS servers that can be configured is 5.
The no form of the command deletes the server entry from the TACACS server table.
Syntax:
tacacs-server host { < ipv4-address > | < ipv6-address > | < dns_host_name > } [single-connection] [port < tcp port (1-65535) >] [timeout < time out in seconds (1-255) >] {key < secret key >}
no tacacs-server host { < ipv4-address > | < ipv6-address > | < dns_host_name > }
Parameter Description:
- < ipv4-address > - Configures the IPv4 address of the host
- < ipv6-address > - Configures the IPv6 address of the host
- < dns_host_name > - Configures the DNS (Domain Name System) name of the TACACS server host. This value is a string of maximum size 255.
- single-connection - Allows multiple sessions to be established over a single TCP connection for AAA functionalities
- port < tcp port (1-65535) > - Configures the TCP port on which sessions to the server are established. This value ranges from 1 to 65535.
- timeout < time out in seconds (1-255) > - Configures the time period (in seconds) for which the client waits for a response from the server before closing the TCP connection. The link between the server and the client is disconnected if the specified time is exceeded. This value ranges from 1 to 255 seconds.
- key < secret key > - Specifies the authentication and encryption key for all TACACS+ communications between the authenticator and the TACACS+ server. The value is a string of a maximum length of 64. If the key value is not configured, the default key "Altran" is used. Because that default key is published in this reference, it offers no protection; configure an explicit key for every server entry.
Mode:
Global Configuration Mode
Prerequisites:
The maximum number of TACACS servers that can be configured is 5.
The no form of the command deletes the server entry from the TACACS server table.
Default:
- port - 49
- timeout - 5 seconds
Example:
Your Product (config)# tacacs-server host 12.0.0.100
TACACS+ server configured with default secret key !
Your Product (config)# tacacs-server host 2005::33
TACACS+ server configured with default secret key !
tacacs use-server address
Command Objective:
This command configures the active server address by selecting one server from the list of servers available in the TACACS server table.
The no form of the command disables the configured active server selection on the client.
Syntax:
tacacs use-server address { < ipv4-address > | < ipv6-address > | < dns_host_name > }
no tacacs use-server
Parameter Description:
- < ipv4-address > - Configures the IPv4 address of the host
- < ipv6-address > - Configures the IPv6 address of the host
- < dns_host_name > - Configures the DNS (Domain Name System) name of the TACACS server host. This value is a string of maximum size 255.
Mode:
Global Configuration Mode
Note: The specified server should be any one of the entries from the TACACS server table.
Example:
Your Product (config)# tacacs use-server address 12.0.0.100
tacacs-server retransmit
Command Objective:
This command configures the retransmit value: the number of times the client searches for an active server in the list of servers maintained by the TACACS client when no active server is configured. The retransmit value ranges from 1 to 5.
The no form of the command resets the retransmit value to its default value.
Syntax:
tacacs-server retransmit < retries (1-5) >
no tacacs-server retransmit
Mode:
Global Configuration Mode
Default:
2
Example:
Your Product (config)# tacacs-server retransmit 3
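The following session is an added example, not taken from the reference, that puts the three configuration commands together. It contrasts the minimal form, which falls back to the documented default key and leaves no active server selected, with a form that sets every documented parameter explicitly. The key value is a placeholder to be replaced per deployment, and the lines beginning with `!` are annotations, not commands.

```console
! Weak: only the host is given, so the published default key "Altran" is used,
! the default timeout (5 s) applies, and no active server is selected.
Your Product (config)# tacacs-server host 12.0.0.100
TACACS+ server configured with default secret key !

! Corrected: explicit per-deployment key, explicit port and timeout,
! an active server chosen from the table, and a bounded retransmit count.
Your Product (config)# tacacs-server host 12.0.0.100 port 49 timeout 10 key <REPLACE-WITH-UNIQUE-SHARED-SECRET>
Your Product (config)# tacacs use-server address 12.0.0.100
Your Product (config)# tacacs-server retransmit 3
```

Note that the server given to `tacacs use-server address` must already exist in the TACACS server table, and that at most 5 server entries can be configured.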
Display Command
This section includes the TACACS display command.
show tacacs
Command Objective:
This command displays the server information (such as IP address, Single Connection, TCP port and so on) and the statistical log information (such as Authen. Starts sent, Authen. Continues sent, Authen. Enables sent, Authen. Aborts sent, and so on) for the TACACS+ client.
Syntax:
show tacacs
Mode:
Privileged EXEC Mode
Note: This command displays the information only for the servers configured in the TACACS server table.
Example:
Your Product# show tacacs
Server : 1
Server address : 12.0.0.100
Address Type : IPV4
Single Connection : no
TCP port : 49
Timeout : 5
Secret Key :
Server : 2
Server address : abc.google.com
Address Type : DNS
Single Connection : yes
TCP port : 20
Timeout : 30
Secret Key :
Active Server address: abc.google.com
Authen. Starts sent : 0
Authen. Continues sent : 0
Authen. Enables sent : 0
Authen. Aborts sent : 0
Authen. Pass rvcd. : 0
Authen. Fails rcvd. : 0
Authen. Get User rcvd. : 0
Authen. Get Pass rcvd. : 0
Authen. Get Data rcvd. : 0
Authen. Errors rcvd. : 0
Authen. Follows rcvd. : 0
Authen. Restart rcvd. : 0
Authen. Sess. timeouts : 0
Author. Requests sent : 0
Author. Pass Add rcvd. : 0
Author. Pass Repl rcvd : 0
Author. Fails rcvd. : 0
Author. Errors rcvd. : 0
Author Follows rcvd. : 0
Author. Sess. timeouts : 0
Acct. start reqs. sent : 0
Acct. WD reqs. sent : 0
Acct. Stop reqs. sent : 0
Acct. Success rcvd. : 0
Acct. Errors rcvd. : 0
Acct. Follows rcvd. : 0
Acct. Sess. timeouts : 0
Malformed Pkts. rcvd. : 0
Socket failures : 0
Connection failures : 0
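As an added example that is not part of this reference, the following Python script parses a captured `show tacacs` listing and flags the settings a reviewer would question: a server entry with an empty Secret Key (which, per the `tacacs-server host` command, means the default key is in use), a non-default TCP port, an active server that is not present in the server table, and non-zero error counters. The sample listing is constructed from the page's own example, with a key set on the second server and some counters raised so that each check fires; the parser assumes the `label : value` layout shown above.

```python
"""Audit a captured `show tacacs` listing for weak TACACS+ client settings.

Added example; the sample text is constructed from the reference's example
output and the field labels follow that output.
"""
from typing import Dict, List, Optional, Tuple

DEFAULT_TCP_PORT = 49   # documented default for tacacs-server host
DEFAULT_TIMEOUT = 5     # documented default timeout, seconds
ERROR_COUNTERS = ("Malformed Pkts. rcvd.", "Socket failures", "Connection failures")

# Constructed sample: two server blocks followed by the counter section.
SAMPLE = """\
Server : 1
Server address : 12.0.0.100
Address Type : IPV4
Single Connection : no
TCP port : 49
Timeout : 5
Secret Key :
Server : 2
Server address : abc.google.com
Address Type : DNS
Single Connection : yes
TCP port : 20
Timeout : 30
Secret Key : ********
Active Server address: abc.google.com
Authen. Starts sent : 0
Authen. Fails rcvd. : 0
Malformed Pkts. rcvd. : 3
Socket failures : 0
Connection failures : 7
"""


def parse_show_tacacs(text: str) -> Tuple[List[Dict[str, str]], Optional[str], Dict[str, int]]:
    """Split the listing into server entries, the active server, and counters.

    Each line is `label : value`; the split is on the first colon so that
    IPv6 addresses (which contain colons) stay intact in the value.
    """
    servers: List[Dict[str, str]] = []
    counters: Dict[str, int] = {}
    active: Optional[str] = None
    current: Optional[Dict[str, str]] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or ":" not in line:
            continue
        label, value = (part.strip() for part in line.split(":", 1))
        if label == "Server":
            current = {"index": value}      # start of a new server block
            servers.append(current)
        elif label == "Active Server address":
            active = value                  # everything after this is counters
            current = None
        elif current is not None:
            current[label] = value
        elif value.isdigit():
            counters[label] = int(value)
    return servers, active, counters


def audit(text: str) -> List[str]:
    """Return human-readable findings for the listing, empty if nothing is flagged."""
    servers, active, counters = parse_show_tacacs(text)
    findings: List[str] = []
    for srv in servers:
        name = srv.get("Server address", "?")
        if not srv.get("Secret Key"):
            findings.append(f"server {name}: no secret key configured, default key in use")
        port = int(srv.get("TCP port", DEFAULT_TCP_PORT))
        if port != DEFAULT_TCP_PORT:
            findings.append(f"server {name}: non-standard TCP port {port}")
    if active is None:
        findings.append("no active server selected (tacacs use-server address not set)")
    elif active not in {srv.get("Server address") for srv in servers}:
        findings.append(f"active server {active} is not in the server table")
    for name in ERROR_COUNTERS:
        if counters.get(name, 0) > 0:
            findings.append(f"{name}: {counters[name]}")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

Run it against a saved `show tacacs` capture to get a short list of items to review; a non-zero Malformed Pkts. rcvd. count alongside an empty Secret Key is the combination most worth checking first, since a key mismatch between client and server is a common cause of undecodable packets.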
© 2024 Cisco and/or its affiliates. All rights reserved.