Cisco Cisco Packet Data Interworking Function (PDIF)
System Settings
Configuring TACACS+ for System Administrative Users ▀
ASR 5000 System Administration Guide, StarOS Release 18 ▄
71
Save the configuration as described in the Verifying and Saving Your Configuration chapter.
Important:
For complete information on all TACACS+ Configuration Mode commands and options, refer to the
TACACS Configuration Mode Commands chapter of the Command Line Reference.
Verifying the TACACS+ Configuration
This section describes how to verify the TACACS+ configuration:
Log out of the system CLI, then log back in using TACACS+ services.
Important:
Once TACACS+ AAA services are configured and enabled on the ASR 5x00, the system first will
try to authenticate the administrative user via TACACS+ AAA services. By default, if TACACS+ authentication fails,
the system then continues with authentication using non-TACACS+ AAA services.
the system then continues with authentication using non-TACACS+ AAA services.
At the Exec Mode prompt, enter the following command:
show tacacs [ client | priv-lvl | session | summary ]
The output of the show tacacs commands provides summary information for each active TACACS+ session such as
username, login time, login status, current session state and privilege level. Optional filter keywords provide additional
information.
username, login time, login status, current session state and privilege level. Optional filter keywords provide additional
information.
An example of this command’s output is provided below. In this example, a system administrative user named asradmin
has successfully logged in to the system via TACACS+ AAA services.
has successfully logged in to the system via TACACS+ AAA services.
active session #1:
login username : asradmin
login tty : /dev/pts/1
time of login : Fri Oct 22 13:19:11 2011
login server priority : 1
current login status : pass
current session state : user login complete
current privilege level : 15
remote client application : ssh
remote client ip address : 111.11.11.11
last server reply status : -1
total TACACS+ sessions : 1
login username : asradmin
login tty : /dev/pts/1
time of login : Fri Oct 22 13:19:11 2011
login server priority : 1
current login status : pass
current session state : user login complete
current privilege level : 15
remote client application : ssh
remote client ip address : 111.11.11.11
last server reply status : -1
total TACACS+ sessions : 1
Important:
For details on all TACACS+ maintenance commands, refer to the Command Line Interface
Reference.