TACACS+ Password Change
Configuring TACACS+ Authentication on the Switch
1. Configure the IPv4 addresses of the Primary and Secondary TACACS+ servers, and
enable TACACS authentication.
2. Configure the TACACS+ secret and second secret.
3. If desired, you may change the default TCP port number used to listen to
TACACS+. The well‐known port for TACACS+ is 49.
© Copyright Lenovo 2015
Command arguments are not sent for authorization.
Only executed commands are logged.
Invalid commands are checked by Lenovo N/OS, and are not sent for authoriza‐
tion or logging.
Authorization is performed on each leaf‐level command separately. If the user
issues multiple commands at once, each command is sent separately as a full
path.
Only the following global commands are sent for authorization and logging:
diff
ping
revert
telnet
traceroute
Lenovo N/OS supports TACACS+ password change. When enabled, users can
change their passwords after successful TACACS+ authorization. Use the
following command to enable or disable this feature:
CN4093(config)# [no] tacacsserver passwordchange
Use the following commands to change the password for the primary and
secondary TACACS+ servers:
CN4093(config)# tacacsserver chpassp (Change primary TACACS+ password)
CN4093(config)# tacacsserver chpasss (Change secondary TACACS+ password)
CN4093(config)# tacacsserver primaryhost 10.10.1.1(Enter primary server IPv4
address)
CN4093(config)# tacacsserver primaryhost mgtport
CN4093(config)# tacacsserver secondaryhost 10.10.1.1
CN4093(config)# tacacsserver secondaryhost dataport
CN4093(config)# tacacsserver enable
CN4093(config)# tacacsserver primaryhost 10.10.1.1 key <1‐32 character secret>
CN4093(config)# tacacsserver secondaryhost 10.10.1.2 key
<1‐32 character secret>
If you configure the TACACS+ secret using any method other than a direct console
connection, the secret may be transmitted over the network as clear text.
CN4093(config)# tacacsserver port <TCP port number>
(Enter secondary server IPv4 address)
Chapter 6: Authentication & Authorization Protocols
85