TACACS+ (Terminal Access Controller Access-Control System Plus) is a protocol that provides access control for routers, network access servers and other networked computing devices via one or more centralized servers. TACACS+ provides separate authentication, authorization and accounting services. TACACS+ servers are tried in the order they are configured.
• host <IP_address>—Add a TACACS+ server to the set of servers used for authentication. Some of the arguments given may override the configured global defaults for all TACACS+ servers. Use no tacacs-server host <IP_address> to delete all TACACS+ servers with the specified IP address. To refine which host is deleted, no tacacs-server host <IP_address> auth-port <port> may be specified.
  • auth-port—For this host, sets or clears (with no) the port for TACACS+. The same IP address can be used in more than one tacacs-server host command as long as the auth-port is different for each. The value is a UDP port number; auth-port must be specified immediately after the host option (if present). Default is 49.
  • auth-type—For this host, specifies which of the two currently supported authentication methods (ascii or pap) to use. Default is pap.
  • key—For this host, sets or clears (with no) the shared secret text string used to communicate with any TACACS+ server. If unspecified, the user is prompted for it.
  • prompt-key—Mutually exclusive with key <string>. Requests a prompt for the key, with the entry echoed as asterisk (*) characters, for greater security.
  • retransmit—For this host, sets or resets to 0 (zero) (with no) the number of times the client attempts to authenticate with any TACACS+ server. Range is 0-5, default is 1. Set to 0 to disable retransmissions.
  • timeout—For this host, sets or resets to default (with no) the wait time for retransmitting a request to any TACACS+ server. Range is 1-60, default is 3.
• key—Sets, or clears (with no), a global communication value for all TACACS+ servers. Can be overridden in a tacacs-server host command. Sets the shared secret text string used to communicate with any TACACS+ server. If the positive form of the private key command is used with no key, the user is prompted for the key. Entries made at this prompt echo the asterisk (*) character, and the user must enter the same string twice.
• retransmit—Sets, or resets to 0 (zero) (with no), a global communication value for all TACACS+ servers. Can be overridden in a tacacs-server host command. Range is 0-5, default is 1. Sets the number of times the client attempts to authenticate with any TACACS+ server. To disable retransmissions set it to 0 (zero).
• timeout—Sets, or resets to the default (with no), a global communication value for all TACACS+ servers. Can be overridden in a tacacs-server host command. Range is 1-60, default is 3. Sets the wait time for retransmitting a request to any TACACS+ server.
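The following Python example is added here and is not part of the Juniper guide. It takes a list of tacacs-server commands and resolves the effective settings for each server in try order (per-host options over global values over documented defaults), then flags out-of-range values, duplicate host/auth-port pairs and keys typed inline. The command grammar is inferred from the option list above, `no` forms are skipped, and the retry arithmetic in `worst_case_wait` is an assumption.

```python
import shlex

# Defaults and ranges as documented in the option list above.
DEFAULTS = {"auth-port": 49, "auth-type": "pap", "retransmit": 1, "timeout": 3}
RANGES = {"retransmit": (0, 5), "timeout": (1, 60)}
INT_OPTS = {"auth-port", "retransmit", "timeout"}

def parse_opts(tokens):
    opts, it = {}, iter(tokens)
    for name in it:
        value = True if name == "prompt-key" else next(it)  # prompt-key is a bare flag
        opts[name] = int(value) if name in INT_OPTS else value
    return opts

def resolve(commands):
    """Return (servers in try order with effective settings, findings)."""
    global_opts, hosts, servers, findings, seen = {}, [], [], [], set()
    for line in commands.splitlines():
        tok = shlex.split(line)
        if tok[:2] == ["tacacs-server", "host"]:
            hosts.append((tok[2], parse_opts(tok[3:])))
        elif tok[:1] == ["tacacs-server"]:      # global key/retransmit/timeout
            global_opts.update(parse_opts(tok[1:]))
    for ip, opts in hosts:
        eff = {**DEFAULTS, **global_opts, **opts, "host": ip}  # host beats global
        label = f"{ip}:{eff['auth-port']}"
        if label in seen:
            findings.append(f"{label}: duplicate host/auth-port pair")
        seen.add(label)
        if "key" in opts and "prompt-key" in opts:
            findings.append(f"{label}: key and prompt-key are mutually exclusive")
        elif "key" in opts:
            findings.append(f"{label}: key typed inline; prompt-key masks the entry")
        for name, (lo, hi) in RANGES.items():
            if not lo <= eff[name] <= hi:
                findings.append(f"{label}: {name} {eff[name]} outside {lo}-{hi}")
        servers.append(eff)
    return servers, findings

def worst_case_wait(servers):
    # Assumption: one initial attempt plus `retransmit` retries, each waiting `timeout`.
    return sum(s["timeout"] * (1 + s["retransmit"]) for s in servers)

# Constructed sample commands (192.0.2.0/24 is a documentation address range).
SAMPLE = """\
tacacs-server timeout 5
tacacs-server host 192.0.2.10 prompt-key
tacacs-server host 192.0.2.11 auth-port 4949 key ExampleKey retransmit 0
tacacs-server host 192.0.2.12 timeout 90
"""
```

Calling `resolve(SAMPLE)` returns the three servers in the order they would be tried, plus one finding for the inline key and one for the timeout outside 1-60; `worst_case_wait` totals the delay, in timeout units, if every server is unreachable.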
Media Flow Controller Administrator's Guide and CLI Command Reference
Copyright © 2010 Juniper Networks, Inc.