Media Flow Controller CLI Commands : tacacs-server
tacacs-server
TACACS+ (Terminal Access Controller Access-Control System Plus) is a protocol that provides access control for routers, network access servers and other networked computing devices via one or more centralized servers. TACACS+ provides separate authentication, authorization and accounting services. TACACS+ servers are tried in the order they are configured.
tacacs-server
host <IP_address>
auth-port <port>
auth-type {ascii | pap}
key <string>
prompt-key
retransmit <retries>
timeout <seconds>
key [<key_string>]
retransmit <retries>
timeout <seconds>
Notes:
host <IP_address>—Add a TACACS+ server to the set of servers used for authentication. Some of the arguments given may override the configured global defaults for all TACACS+ servers. Use no tacacs-server host <IP_address> to delete all TACACS+ servers with the specified IP address. To refine which host is deleted, no tacacs-server host <IP_address> auth-port <port> may be specified.
auth-port—For this host, sets or clears (with no) the port for TACACS+. The same IP address can be used in more than one tacacs-server host command as long as the auth-port is different for each. A UDP port number, auth-port must be specified immediately after the host option (if present). Default is 49.
auth-type—For this host, specify which of the two currently supported authentication methods (ascii or pap) to use. Default is pap.
key—For this host, set, or clear (with no), the shared secret text string used to communicate with any TACACS+ server. If unspecified, the user is prompted for it.
prompt-key—Mutually exclusive with key <string>. It requests to be prompted for the key, with the entry echoed as asterisk (*) characters, for greater security.
retransmit—For this host, set or reset to 0 (zero) (with no), the number of times the client attempts to authenticate with any TACACS+ server. Range is 0-5, default is 1. Set to 0 to disable retransmissions.
timeout—For this host, set or reset to default (with no), the wait time for retransmitting a request to any TACACS+ server. Range is 1-60, default is 3.
key—Sets, or clears (with no), a global communication value for all TACACS+ servers. Can be overridden in a tacacs-server host command. Sets the shared secret text string used to communicate with any TACACS+ server. If the positive form of the private key command is used with no key, the user is prompted for the key. Entries made at this prompt echo the asterisk (*) character, and the user must enter the same string twice.
retransmit—Sets, or resets to 0 (zero) (with no), a global communication value for all TACACS+ servers. Can be overridden in a tacacs-server host command. Range is 0-5, default is 1. Sets the number of times the client attempts to authenticate with any TACACS+ server. To disable retransmissions set it to 0 (zero).
timeout—Sets, or resets to the default (with no), a global communication value for all TACACS+ servers. Can be overridden in a tacacs-server host command. Range is 1-60, default is 3. Sets the wait time for retransmitting a request to any TACACS+ server.
show tacacs
TACACS+ settings.
Report an Error
Media Flow Controller Administrator's Guide and CLI Command Reference
Copyright © 2010 Juniper Networks, Inc.