aaa authentication-server tacacs

aaa authentication-server tacacs <server>

clone <server>

enable

host <host>

key <psk>

no ...

retransmit <number>

session-authorization

source-interface

tcp-port <port>

timeout <seconds>

Description

This command configures a TACACS+ server.

 

Starting with ArubaOS 6.4, a maximum of 128 TACACS servers can be configured on the controller.

Syntax

Parameter

Description

Range

Default

<server>

Name that identifies the server.

clone <server>

Name of an existing TACACS server configuration from which parameter values are copied.

enable

Enables the TACACS server.

 

host <host>

IPv4 or IPv6 address of the TACACS server.

key

Shared secret to authenticate communication between the TACACS+ client and server.

no

Negates any configured parameter.

retransmit <number>

Maximum number of times a request is retried.

0-3

3

session-authorization

Enables TACACS+ authorization. Session-authorization turns on the optional authorization session for admin users.

disabled

source-interface

Value of the source address of outgoing TACACS requests to this server.

tcp-port <port>

TCP port used by the server.

1-65535

49

timeout <timeout>

Timeout period of a TACACS request, in seconds.

1-30

20 seconds

Usage Guidelines

You configure a server before you can add it to one or more server groups. You create a server group for a specific type of authentication (see aaa server-group).

Example

The following commands configure per-server TACACS source interface on IPv4 and IPv6 respectively:

(host) (TACACS Server <name>) # source-interface vlan 20

(host) (TACACS Server <name>) # source-interface vlan 20 2001:DB8:0:ABCD::1

The following command deletes per-server TACACS source interface on IPv4:

(host) (TACACS Server <name>) #no source-interface vlan 20

The following command configures and enables a TACACS+ server and enables session authorization:

aaa authentication-server tacacs tacacs1

clone default

host 10.1.1.245

key qwERtyuIOp

enable

session-authorization

Command History

Version

Description

ArubaOS 3.0

Command introduced.

ArubaOS 6.0

session-authorization parameter was introduced.

ArubaOS 6.3

IPv6 support was added for TACACS server. You can now specify an IPv6 host address for the host parameter.

ArubaOS 6.5.2

Source-interface parameter was introduced.

Command Information

Platforms

Licensing

Command Mode

All platforms

Base operating system

Config mode on master controllers