TACACS+
Options for authenticating with TACACS+ servers.
Use TACACS+ (Terminal Access Controller Access-Control System Plus) to authenticate and authorize users.
The TACACS+ server must be configured to respond with the list of local authentication groups that the TACACS+ user is a member of inside the groupname attribute.
To specify multiple groups, set the groupname attribute to a comma-separated list of the names. For example: admin,operator.
- Servers - A list of TACACS+ servers.
Properties
Authentication protocol
The authentication protocol required to connect to the server.
| Option | Label | Description |
|---|---|---|
pap | PAP | Password AUthentication Protocol. |
chap | CHAP | Challenge Handshake Authentication Protocol. |
cleartext | Cleartext | Login and password details are sent in cleartext.. |
- Data type: string select
- Default:
pap - Configuration
- Required
CLI: (cli)> config auth method <index> tacacs-plus auth-protocol
Service
The service to use with this server.
- Data type: string
- Default:
raccess - Configuration
- Required
CLI: (cli)> config auth method <index> tacacs-plus service
Protocol
The protocol to use with this server.
- Data type: string
- Default:
unknown - Configuration
- Required
CLI: (cli)> config auth method <index> tacacs-plus protocol
Group attribute
The group attributes to use with this server.
- Data type: string
- Default:
groupname - Configuration
- Required
CLI: (cli)> config auth method <index> tacacs-plus group-attribute
Timeout
Specifies the number of seconds to wait for a response from the TACACS+ server before trying the next TACACS+ server.
- Data type: integer
- Units: seconds
- Default:
5 - Configuration
- Required
CLI: (cli)> config auth method <index> tacacs-plus timeout