Configuring TACACS+ Authorization

In order for TACACS+ authorization to function, TACACS+ authentication must be enabled first. See Enabling TACACS+ Authentication.

On the local router, use the following CLI commands to configure TACACS+ authorization:

CLI Syntax:
config>system>security
    tacplus
        authorization
        no shutdown

The following example displays the CLI syntax usage:

Example:
config>system>security>
config>system>security# tacplus
config>system>security>tacplus# authorization
config>system>security>tacplus# no shutdown

The following example displays the TACACS+ authorization configuration:

ALU-1>config>system>security>tacplus# info
----------------------------------------------
                authorization
                timeout 5
                server 1 address 10.10.0.5 secret "h6.TeL7YPohbmhlvz0gob." hash2
                server 2 address 10.10.0.6 secret "h6.TeL7YPog7WbLsR3QRd." hash2
                server 3 address 10.10.0.7 secret "h6.TeL7YPojGJqbYt85LVk" hash2
                server 4 address 10.10.0.8 secret "h6.TeL7YPoiCfWKUFHARvk" hash2
                server 5 address 10.10.0.9 secret "h6.TeL7YPojuCyTFvTNGBU" hash2
----------------------------------------------
ALU-1>config>system>security>tacplus#
Parent topic: Configuring TACACS+ Parameters