Cisco Cisco Packet Data Interworking Function (PDIF) Guía De Administador
System Settings
▀ Configuring TACACS+ for System Administrative Users
▄ Cisco ASR 5000 System Administration Guide
62
Configuring TACACS+ AAA Services
This section provides an example of how to configure TACACS+ AAA services for administrative users on the system.
Caution:
When configuring TACACS+ AAA services for the first time, the administrative user must use non-
TACACS+ services to log into the ASR 5x00. Failure to do so will result in the TACACS+ user being denied access to
the system.
the system.
Log in to the system using non-TACACS+ services.
Use the example below to configure TACACS+ AAA services on the system:
configure
tacacs mode
server priority priority_number ip-address tacacs+srvr_ip_address
end
Note:
server priority priority_number: Must be a number from 1 to 3, that specifies the order in which this
TACACS+ server will be tried for TACACS+ authentication. 1 is the highest priority, and 3 is the lowest.
ip-address: Must be the IPv4 address of a valid TACACS+ server that will be used for authenticating
administrative users accessing this system via TACACS+ AAA services.
By default, the TACACS+ configuration will provide authentication, authorization, and accounting services.
Enable TACACS+ on the ASR 5x00:
configure
aaa tacacs+
end
Save the configuration as described in the Verifying and Saving Your Configuration chapter.
Important:
For complete information on all TACACS+ Configuration Mode commands and options, refer to the
TACACS Configuration Mode Commands chapter of the Command Line Reference.