Cisco Cisco ASR 5700
TACACS+ Configuration Mode Commands
server ▀
Command Line Interface Reference, StarOS Release 17 ▄
8865
encrypted password
shared_secret
Specifies the encrypted value of the shared secret key. The server-side configuration must match the
decrypted value for the protocol to work correctly. If
decrypted value for the protocol to work correctly. If
encrypted password
is specified, specifying
password
is invalid. No encryption is used if this value is null (""). The encrypted password can be an
alphanumeric string of 1 through 100 characters. If neither an
encrypted password
or
password
is
specified, StarOS will not use encryption
key
text_password
Release 11.0 systems only. Instead of using an encrypted password value, the user can specify a plain-text
key value for the password. If the
key value for the password. If the
key
keyword is specified, then specifying
encrypted password
is
invalid. A null string represents no encryption. The password can be from 1 to 32 alphanumeric characters in
length. If neither an
length. If neither an
encrypted password
or
key
is specified, then StarOS will not use encryption.
nas-source-address
ip_address
Release 12 and later systems only: Sets the IPv4 address to be specified in the Source Address of the IP
header in the TACACS+ protocol packet sent from the NAS to the TACACS+ server.
header in the TACACS+ protocol packet sent from the NAS to the TACACS+ server.
ip_address
is
entered using IPv4 dotted-decimal notation and must be valid for the interface.
password
text_password
Release 12.0 and later systems. Instead of using an encrypted password value, the user can specify a plain-
text value for the password. If the
text value for the password. If the
password
keyword is specified, specifying
encrypted password
is
invalid. A null string (“”) represents no encryption. The password can be an alphanumeric string of 1 through
32 characters. If neither an
32 characters. If neither an
encrypted password
or
password
is specified, then StarOS will not use
encryption.
port
port_number
Specifies the TCP port number to use for communication with the TACACS+ server.
port_number
can be
an integer from 1 through 65535. If a port is not specified, StarOS will use port 49.
retries
number
Release 12 and later systems only: Specifies the number of retry attempts at establishing a connection to the TACACS+
server if the initial attempt fails.
server if the initial attempt fails.
retries
number
can be an integer from 0 through 100. The default is 3. Specifying 0
(zero) retries results in StarOS trying only once to establish a connection. No further retries will be attempted.
service { accounting | authentication | authorization }
Release 12 and later systems only: Specifies one or more of the AAA services that the specified TACACS+
server will provide. Use of the
server will provide. Use of the
service
keyword requires that at lease one of the available services be
specified. If the
service
keyword is not used, StarOS will use the TACACS+ server for all AAA service
types. The default is to use authentication, authorization and accounting. Available service types are:
accounting
: The specified TACACS+ server should be used for accounting. If TACACS+
authentication is not used, TACACS+ accounting will not be used. If no accounting server is
specified and the user is authenticated, no accounting will be performed for the user.
specified and the user is authenticated, no accounting will be performed for the user.
authentication
: The specified TACACS+ server should be used for authentication. If a TACACS+
authentication server is not available, TACACS+ will not be used for authorization or accounting.
authorization
: The specified TACACS+ server should be used for authorization. If TACACS+
authentication is not used, TACACS+ authorization will not be used. If no authorization server is