INS_RL1000GW_REV– 15 Jul 2016 PAGE 64
INSTALLATION AND OPERATION MANUAL
RL1000GW
TECH SUPPORT: 1.888.678.9427
TACACS Command Hierarchy
+root
- login authentication {local, local| tacacs-only| tacacs-local}
- login authentication show
+ tacacs-server
- add {host <a.b.c.d.>} {retries (1,<1-10>} [timeout <5,(1-255)>] {port <49,(1-65535)>}
- remove {host <a.b.c.d.>}
- tacacs-server default host {host <a.b.c.d.>}
TACACS Commands Descriptions
Command
Description
login authentication
Select the authentication type.
Local: tacacs is not used. authentication is based on local database only.
Tacacs-only: tacacs server is used for authentication. If the server is unreachable, no fallback
to local database.
Tacacs-local: tacacs server is used AS default for authentication. If the server is unreachable,
fallback to local database is supported.
tacacs-server add
This command configures the TACACS server with the parameters (host, retries, key) and
specifies the IP address of one or more servers.
Host <ipv4-address>: Configures the IPv4 address of the server (host).
Port <tcp port (1- 65535 )>: Configures the TCP port number in which the multiple sessions
are established. The value ranges between 1 and 65535. default- 49.
Retries <(1-10)>: Number of retries to connect to the host. default- 1.
Key <secret key>: Specifies the authentication and encryption key for all TACACS
communications between the authenticator and the TACACS server. The value is string of
maximum length 64.
should be 1-64 charaters length.
- May include small letters.
- May include capitol letter.
- must include numbers
- May include special symbol.
- allowed synbols: @#$%^&*()-+./<\`
tacacs-server remove
Host <ipv4-address>: Configures the IPv4 address of the server (host).
tacacs-server default host
This command sets the default server to be used. The server must be predefined.
