user : tacacs+
 
tacacs+
Use this command to add or edit the information used for TACACS+ authentication.
Terminal Access Controller Access-Control System (TACACS+) is a remote authentication protocol used to communicate with an authentication server. TACACS+ allows a client to accept a user name and password and send a query to a TACACS+ authentication server. The server host determines whether to accept or deny the request and sends a response back that allows or denies network access to the user.
The default port for a TACACS+ server is 49. The maximum number of remote TACACS+ servers that can be configured for authentication is 10.
You may select an alternative authentication method for each server. These include CHAP, PAP, MS-CHAP, and ASCII.
Syntax
config user tacacs+
edit <server_name>
set authen-type {ascii | auto | chap | ms_chap | pap}
set authorization {enable | disable}
set key <server_key>
set port <tacacs+_port_num>
set server <domain>
set source-ip <ipv4_addr>
end
Variable
Description
Default
edit <server_name>
Enter a name to identify the TACACS+ server.
Enter a new name to create a new server definition or enter an existing server name to edit that server definition.
 
authen-type {ascii | auto | chap | ms_chap | pap}
Select the authentication method for this TACACS+ server.
auto uses pap, ms_chap_v, and chap, in that order.
auto
authorization {enable | disable}
Enable or disable TACACS+ authorization.
disable
key <server_key>
Enter the key to access the server. The maximum number is 16.
 
port <tacacs+_port_num>
Change the default TACACS+ port for this server. The default port for TACACS+ traffic is 49. Range is 0..65535.
49
server <domain>
Enter the TACACS+ server domain name or IP address. The host name must comply with RFC1035.
No default.
source-ip <ipv4_addr>
Enter the source IP for communications to TACACS+ server.
0.0.0.0