2.4.6.1 Configuring TACACS+ Authentication for CLI
Perform the following procedure to enable TACACS+ (Terminal Access Controller Access -
Control System Plus) authentication for CLI users as admusr on the
Active NOAM server of the topology:
- Run the following command to replace the <TACACS_SERVER_IP> with
the TACACS+ server IP. Providing
-tTIMEOUT is optional, by default timeout is set to 10 seconds./usr/TKLC/appworks/bin/tacacsCliAuthentication.sh configure -s <TACACS_SERVER_IP> -k <SHARED_SECRET> -p <PROTOCOL> -S <SERVICE> [-t <TIMEOUT>] - Rerun the below command to configure multiple TACACS+ server IPs with
different TACACS+ server IPs and their respective details. If all TACACS+ servers
share the same metadata, the below command provides support for multiple comma
separated TACACS+ server IPs as
well:
/usr/TKLC/appworks/bin/tacacsCliAuthentication.sh configure -s <TACACS_SERVER_IP1>[,<TACACS_SERVER_IP2>] -k <SHARED_SECRET> -p <PROTOCOL> -S <SERVICE> [-t <TIMEOUT>]Table 2-58 Command Flag Supported Values
Command Flag Supported Values Protocol (-p) ip, ip6 Service (-S) login, ppp, ftp, telnet, http, https, radius, pptp, vpn, ssh