Configuring TACACS+ Servers

Configuring TACACS+ Servers - Gaia Portal

To configure a TACACS+ server:

Step	Description
1	In the navigation tree, click User Management > Authentication Servers.
2	In the TACACS+ Configuration section, select Enable TACACS+ authentication. This setting applies to all configured TACACS+ servers.
3	Click Apply.
4	In the TACACS+ Servers section, click Add.
5	Configure the TACACS+ parameters:
	Priority - The priority of the TACACS+ server - from 1 to 20. Must be unique for this operating system. Gaia uses the priority: To determine the order, in which Gaia connects to the TACACS+ servers. First, Gaia connects to the TACACS+ server with the lowest priority number. For example: Three TACACS+ servers have a priority of 1, 5, and 10 respectively. Gaia connects to these TACACS+ servers in that order, and uses the first TACACS+ server that responds. To identify the TACACS+ server in commands. A command with `priority 1` applies to the TACACS+ server with priority 1.
	Server - IPv4 address of the TACACS+ server.
	Shared Key - The Shared Secret used for authentication between the TACACS+ server and Gaia. Enter the shared secret text string up to 256 characters, without any whitespace characters and without a backslash. Make sure that the shared string defined on the Gaia matches the shared string defined on the TACACS+ server.
	Timeout in Seconds - Enter the timeout in seconds (from 1 to 60), during which Gaia waits for the TACACS+ server to respond. The default value is 5. If there is no response after the configured timeout, Gaia tries to connect to a different configured TACACS+ server.
6	Click OK.
7	Optional: In the TACACS+ Servers Advanced Configuration section, select the User UID - 0, or 96 and click Apply. This setting applies to all configured TACACS+ servers.

To disable TACACS+ authentication:

Step

Description

In the navigation tree, click User Management > Authentication Servers.

In the TACACS+ configuration section, clear Enable TACACS+ authentication.

This setting applies to all configured TACACS+ servers.

Click Apply.

To delete a TACACS+ server:

Step	Description
1	In the navigation tree, click User Management > Authentication Servers.
2	In the TACACS+ Servers section, select a TACACS+ server.
3	Click Delete.
4	Click OK to confirm.

To verify if the logged in user is enabled for TACACS+:

Run in Gaia Clish: show tacacs_enable

Configuring TACACS+ Servers - Gaia Clish

Description

Configure TACACS+ authentication servers.

Syntax

To configure TACACS+ server for use in a single authentication profile:

add aaa tacacs-servers priority <Priority> server <IPv4 Address of TACACS+ Server> key <Shared Secret> timeout <1-60>
To change the configuration of a specific TACACS+ server:

set aaa tacacs-servers priority <Priority>

server <IPv4 Address of TACACS+ Server>

new-priority <New Priority>

key <Shared Secret>

timeout <1-60>
To change the configuration that applies to all configured TACACS+ servers:

set aaa tacacs-servers

state {on | off}

user-uid <0 | 96>
To show a list of all configured TACACS+ servers associated with an authentication profile:

show aaa tacacs-servers list
To show the configuration of a specific TACACS+ server:

show aaa tacacs-servers priority <Priority>

server

timeout
To show the configuration that applies to all configured TACACS+ servers:

show aaa tacacs-servers

state

user-uid
To delete a specific RADIUS server:

delete aaa tacacs-servers

priority <Priority>
To delete the configuration that applies to all configured TACACS+ servers:

delete aaa tacacs-servers

NAS-IP

Important - After you add, configure, or delete features, run the save config command to save the settings permanently.

Parameters

Parameter	Description
`priority <`Priority`>`	The priority of the TACACS+ server - from 1 to 20. Must be unique for this operating system. The priority is used: To determine the order, in which Gaia connects to the TACACS+ servers. First, Gaia connects to the TACACS+ server with the lowest priority number. For example: Three TACACS+ servers have a priority of 1, 5, and 10 respectively. Gaia connects to these TACACS+ servers in that order, and uses the first TACACS+ server that responds. To identify the TACACS+ server in commands. A command with `priority 1` applies to the TACACS+ server with priority 1. Values: Range: `1 - 20` Default: No default
`server <`IPv4 Address of TACACS+ Server`>`	IPv4 address of the TACACS+ server.
`key <`Shared Secret`>`	The Shared Secret used for authentication between the TACACS+ server and Gaia. Enter the shared secret text string up to 256 characters, without any whitespace characters and without a backslash. Make sure that the shared string defined on the Gaia matches the shared string defined on the TACACS+ server.
`timeout <1-60>`	Enter the timeout in seconds, during which Gaia waits for the TACACS+ server to respond. If there is no response after the configured timeout, Gaia tries to connect to a different configured TACACS+ server. Range: `1 - 60` Default: `5`
`new-priority <`New Priority`>`	Configures the new priority for the TACACS+ server.
`state {on \| off}`	Configures the state of TACACS+ authentication. Range: `on`, or `off` Default: `off`

Example

gaia> set aaa tacacs-servers priority 2 server 10.10.10.99 key MySharedSecretKey timeout 10