Configuring TACACS on FlexSwitch

With the above two items configured, TACACS authentication should work. Whenever a user logs in to the switch, the switch sends an authentication request to the TACACS server and receives a reply. The switch then acts according to the authentication reply received from the TACACS server.

If the TACACS server is not reachable for some reason, the switch tries to authenticate the user against the local database on the switch.

Configuring TACACS using the FlexSwitch CLI

For more information about how to use the CLI, see Accessing the Command Line.

Enable the TacacsGlobal Object

localhost(config)#tacacs enable
localhost(config)

Set the TACACS Server IP Address

localhost(config)#tacacs server_ip 192.168.100.38
localhost(config-tacacs+-tacacs+-192.168.100.38)#

Configure the Server Attributes

localhost(config-tacacs+-tacacs+-192.168.100.38)#secret testing123
localhost(config-tacacs+-tacacs+-192.168.100.38)#auth_service ppp

Note

This example uses the default values for debugging, privilege, source interface, and destination port.
See the tacacs context details page for more information.

## Configuring TACACS using the FlexSwitch REST Interface


### Enable the TacacsGlobal object.

```bash
curl -X PATCH --header 'Content-Type: application/x-www-form-urlencoded' --header 'Accept: application/json' -d '{"ProfileName":"default","Enable":"true","Timeout":100,"LogAcctDeny":"true","LogAcctPass":"true"}' 'http://<switch-ip>:8080/public/v1/config/TacacsGlobal'
```

### Specify the TACACS parameters

In this step we are specifying:

  • Server IP Address
  • Source Interface
  • Auth Service
  • TACACS Server Secret
  • TACACS Server TCP Port
  • Privilege Level
  • Debug Level

```bash
curl -X POST --header 'Content-Type: application/x-www-form-urlencoded' --header 'Accept: application/json' -d '{"ServerIp":"192.168.100.38","SourceIntf":"ma1","AuthService":"ppp","Secret":"testing123","Port":49,"PrivilegeLevel":15,"Debug":0}' 'http://<switch-ip>:8080/public/v1/config/Tacacs'
```
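
As an added example (not part of the FlexSwitch documentation), the shell functions below validate the Tacacs fields and build the request body used in the POST above, taking the shared secret from a `TACACS_SECRET` environment variable and handing the body to curl on stdin instead of in its arguments. The function names, the environment variable and the 0 to 15 privilege range (the TACACS+ protocol range) are assumptions; the field names, headers and URL path are those of the curl call above.

```bash
#!/bin/sh
# Added example; function names and TACACS_SECRET are assumptions, not FlexSwitch names.

# True for a decimal integer without leading zeros.
is_uint() { case "$1" in ''|*[!0-9]*|0?*) return 1 ;; esac; }

# in_range VALUE MIN MAX (the length check keeps the comparison from overflowing).
in_range() { is_uint "$1" && [ "${#1}" -le 5 ] && [ "$1" -ge "$2" ] && [ "$1" -le "$3" ]; }

# True for a dotted-quad IPv4 address with every octet in 0..255.
valid_ipv4() {
    case "$1" in *[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do in_range "$octet" 0 255 || return 1; done
}

# Escape backslash and double quote so the value is safe inside a JSON string.
json_escape() { printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g'; }

err() { echo "tacacs config: $1" >&2; }

# build_tacacs_body SERVER_IP SOURCE_INTF AUTH_SERVICE PORT PRIVILEGE DEBUG
# Prints the JSON body; the secret is taken from $TACACS_SECRET, not from argv.
build_tacacs_body() {
    [ -n "${TACACS_SECRET:-}" ] || { err "TACACS_SECRET is not set"; return 1; }
    case "$TACACS_SECRET" in *[[:cntrl:]]*) err "control character in secret"; return 1 ;; esac
    valid_ipv4 "$1" || { err "bad ServerIp: $1"; return 1; }
    in_range "$4" 1 65535 || { err "bad Port: $4"; return 1; }
    # 0..15 is the TACACS+ privilege range, assumed to apply to PrivilegeLevel.
    in_range "$5" 0 15 || { err "bad PrivilegeLevel: $5"; return 1; }
    is_uint "$6" || { err "bad Debug: $6"; return 1; }
    printf '{"ServerIp":"%s","SourceIntf":"%s","AuthService":"%s","Secret":"%s","Port":%s,"PrivilegeLevel":%s,"Debug":%s}' \
        "$1" "$(json_escape "$2")" "$(json_escape "$3")" "$(json_escape "$TACACS_SECRET")" "$4" "$5" "$6"
}

# send_tacacs_config SWITCH_ADDR SERVER_IP SOURCE_INTF AUTH_SERVICE PORT PRIVILEGE DEBUG
# The body reaches curl on stdin (--data @-), so the secret is not part of
# curl's argument list. Headers and path are those used in the call above.
send_tacacs_config() {
    switch_addr=$1; shift
    body=$(build_tacacs_body "$@") || return 1
    printf '%s' "$body" | curl -sS -X POST \
        --header 'Content-Type: application/x-www-form-urlencoded' \
        --header 'Accept: application/json' \
        --data @- "http://${switch_addr}:8080/public/v1/config/Tacacs"
}
```

Set the secret without echoing it (for example `stty -echo; read -r TACACS_SECRET; stty echo`), then call `send_tacacs_config <switch-ip> 192.168.100.38 ma1 ppp 49 15 0`.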