TACACS+

NVIDIA UFM-SDN Appliance Command Reference Guide v4.13.1

tacacs-server {key <secret>| retransmit <retries> | timeout <seconds>}
no tacacs-server {key | retransmit | timeout}

Sets global TACACS+ server attributes.
The no form of the command resets the attributes to default values.

Syntax Description

key

Set a secret key (shared hidden text string) known to the system and to the TACACS+ server

retransmit

Number of retries (0-5) before exhausting from the authentication

timeout

Timeout in seconds between each retry (1-60)

Default

3 seconds, 1 retry

Configuration Mode

config

History

1.5

Example

Copy
Copied!
            

ufmapl [ mgmt-sa ] (config) # tacacs-server retransmit 3

Related Commands

aaa authorization
show radius
show tacacs
tacacs-server host

Notes

Each TACACS+ server can override those global parameters using the command “tacacs-server host”

tacacs-server host <ip-address> {enable | auth-port <port> | auth-type <type> | key <secret> | retransmit <retries> | timeout <seconds>}
no tacacs-server host <ip-address> {enable | auth-port}

Configures TACACS+ server attributes.
The no form of the command resets the attributes to their default values and deletes the TACACS+ server.

Syntax Description

ip-address

TACACS+ server IP address

enable

Administrative enable for the TACACS+ server

auth-port

TACACS+ server UDP port number

key

Set a secret key (shared hidden text string) known to the system and to the TACACS+ server

retransmit

Number of retries (0-5) before exhausting from the authentication

timeout

Timeout in seconds between each retry (1-60)

Default

3 seconds, 1 retry
Default TCP port is 49
Default auth-type is PAP

Configuration Mode

config

History

1.5

Example

Copy
Copied!
            

ufmapl [ mgmt-sa ] (config) # tacacs-server host 40.40.40.40

Related Commands

aaa authorization
show tacacs
tacacs-server

Notes

  • TACACS+ servers are tried in the order they are configured

  • A PAP auth-type similar to an ASCII login, except that the username and password arrive at the network access server in a PAP protocol packet instead of being typed in by the user, so the user is not prompted

  • If the user does not specify a parameter for this configured TACACS+ server, the configuration will be taken from the global TACACS+ server configuration. Refer to “tacacs-server” command.

show tacacs

Displays TACACS+ configurations.

Syntax Description

N/A

Default

N/A

Configuration Mode

Any configuration mode

History

1.5

Example

Copy
Copied!
            

ufmapl [ mgmt-sa ] (config) # show tacacs TACACS+ defaults: Key: 3333 Timeout: 3 Retransmit: 1 TACACS+ servers: 40.40.40.40:49 Enabled: yes Auth-type PAP Key: 3333 (default) Timeout: 3 (default) Retransmit: 1 (default)

Related Commands

aaa authorization
tacacs-server
tacacs-server host

Notes

© Copyright 2023, NVIDIA. Last updated on Sep 5, 2023.