Users Guide

Table Of Contents
Configure a global timeout setting allowed on TACACS+ servers. By default, OS10 times out after five seconds. No source
interface is configured. The default VRF instance is used to contact TACACS+ servers.
NOTE: You cannot configure both a nondefault VRF instance and a source interface at the same time for TACACS+
authentication.
NOTE: A TACACS+ server configured with a host name is not supported on a nondefault VRF.
Configure the global timeout used to wait for an authentication response from TACACS+ servers in CONFIGURATION mode,
from 1 to 1000 seconds; the default is 5.
tacacs-server timeout seconds
(Optional) Specify an interface whose IP address is used as the source IP address for user authentication with a TACACS+
server in CONFIGURATION mode. By default, no source interface is configured. OS10 selects the source IP address of any
interface from which a packet is sent to a TACACS+ server.
NOTE: If you configure a source interface which has no IP address, the IP address of the management interface is used.
ip tacacs source-interface interface
(Optional) By default, the switch uses the default VRF instance to communicate with TACACS+ servers. You can optionally
configure a non-default or the management VRF instance for TACACS+ authentication in CONFIGURATION mode.
tacacs-server vrf management
tacacs-server vrf vrf-name
Configure TACACS+ server
OS10(config)# tacacs-server host 1.2.4.5 key mysecret
OS10(config)# ip tacacs source-interface loopback 2
Configure TACACS+ server for non-default VRFs
OS10(config)# ip vrf blue
OS10(conf-vrf)# exit
OS10(config)# tacacs-server vrf blue
View TACACS+ server configuration
OS10# show running-configuration
...
tacacs-server host 1.2.4.5 key 9
3a95c26b2a5b96a6b80036839f296babe03560f4b0b7220d6454b3e71bdfc59b
ip tacacs source-interface loopback 2
...
Delete TACACS+ server
OS10# no tacacs-server host 1.2.4.5
TACACS as Primary Authentication
The AAA authentication configuration must be present as one of the authentication methods. The following error message is
displayed when you atempt to configure AAA authentication without first configuring the local authentication method:
% Error: local authentication not configured
After upgrading to 10.5.1 from an earlier release, there is no change in the AAA authentication configuration when this
configuration has the local authentication method configured. After upgrading to 10.5.1 in MX-series platforms, the local
authentication method is appended to the authentication list when local authentication is not configured.
Security
1321