[no] tacplus
config>system>security
This command enables the context to configure TACACS+ authentication on the 7705 SAR.
For redundancy, multiple server addresses can be configured for each 7705 SAR.
The no form of the command removes the TACACS+ configuration.
accounting [record-type {start-stop | stop-only}]
no accounting
config>system>security>tacplus
This command enables TACACS+ accounting and configures the type of accounting record packet that is to be sent to the TACACS+ server. The record-type parameter indicates whether TACACS+ accounting start and stop packets will be sent or just stop packets will be sent.
record-type stop-only
specifies that a TACACS+ start packet is sent whenever the user executes a command and a stop packet is sent when the command is complete
specifies that a stop packet is sent when the command execution is complete
[no] authorization
config>system>security>tacplus
This command configures TACACS+ authorization parameters for the system.
no authorization
server index address ip-address secret key [hash | hash2] [port port]
no server index
config>system>security>tacplus
This command adds a TACACS+ server and configures the TACACS+ server IP address, index, and key values.
Up to five TACACS+ servers can be configured at any one time. TACACS+ servers are accessed in order from the lowest index to the highest index for authentication requests.
The no form of the command removes the server from the configuration.
no TACACS+ servers are configured
the index for the TACACS+ server. The index determines the sequence in which the servers are queried for authentication requests. Servers are queried in order from the lowest index to the highest index.
the IP address of the TACACS+ server. Two TACACS+ servers cannot have the same IP address. An error message is generated if the server address is a duplicate.
the secret key to access the RADIUS server. This secret key must match the password on the TACACS+ server.
specifies that the key is entered in an encrypted form. If the hash parameter is not used, the key is assumed to be in an unencrypted, clear text form. For security, all keys are stored in encrypted form in the configuration file with the hash parameter specified.
specifies that the key is entered in a more complex encrypted form. If the hash2 parameter is not used, the less encrypted hash form is assumed.
the port ID
timeout seconds
no timeout
config>system>security>tacplus
This command configures the number of seconds the router waits for a response from a TACACS+ server.
The no form of the command reverts to the default value.
3
the number of seconds the router waits for a response from a TACACS+ server, expressed as a decimal integer
[no] use-default-template
config>system>security>tacplus
This command specifies whether the user template defined by this entry is to be actively applied to the TACACS+ user.