Associating an SFTP Root Directory with an Administrator; Associating an SFTP Root Directory with a Config Administrator; Configuring TACACS+ for System Administrative Users; Operation - Cisco ASR 5500 Administration Manual

ASR 5500 System Administration Guide, StarOS Release 19

Associating an SFTP Root Directory with an Administrator

The administrator command allows an administrator to associate an SFTP root directory with a specified
administrator.

configure
   context local
      administrator user_name password password ftp sftp-server sftp_name
      exit

Associating an SFTP Root Directory with a Config Administrator

The config-administrator command allows an administrator to associate an SFTP root directory with a specified
configuration administrator.

configure
   context local
      config-administrator user_name password password ftp sftp-server sftp_name
      exit

Configuring TACACS+ for System Administrative Users

This section describes TACACS+ (Terminal Access Controller Access Control System+) AAA (Authentication,
Authorization and Accounting) service functionality and configuration on the ASR 5x00.

Operation

TACACS+ is a secure, encrypted protocol. By remotely accessing TACACS+ servers that are provisioned
with the administrative user account database, the ASR 5x00 can provide TACACS+ AAA services for system
administrative users. TACACS+ is an enhanced version of the TACACS protocol that uses TCP instead of
UDP.

The ASR 5x00 system serves as the TACACS+ Network Access Server (NAS). As the NAS, the system
requests TACACS+ AAA services on behalf of authorized system administrative users. For the authentication
to succeed, the TACACS+ server must be in the same local context and network accessed by the system.

The system supports TACACS+ multiple-connection mode. In multiple-connection mode, a separate and
private TCP connection to the TACACS+ server is opened and maintained for each session. When the
TACACS+ session ends, the connection to the server is terminated.

TACACS+ is a system-wide function on the ASR 5x00. TACACS+ AAA service configuration is performed
in TACACS Configuration Mode. Enabling the TACACS+ function is performed in the Global Configuration
Mode. The system supports the configuration of up to three TACACS+ servers.

Once configured and enabled on the system, TACACS+ authentication is attempted first. By default, if
TACACS+ authentication fails, the system then attempts to authenticate the user using non-TACACS+ AAA
services, such as RADIUS.
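
The header fields behind the encryption and multiple-connection behaviour described in the Operation section, shown as an added Python example that is not part of the Cisco guide or StarOS. The header layout, flag values and MD5-based body obfuscation follow RFC 8907; the function names and the sample packets built with build() are constructed for illustration.

```python
import hashlib
import struct

# Header layout and flag values are from RFC 8907, not from the Cisco guide.
UNENCRYPTED, SINGLE_CONNECT = 0x01, 0x04
TYPES = {1: "authentication", 2: "authorization", 3: "accounting"}

def parse_header(packet: bytes) -> dict:
    """Decode the fixed 12-byte TACACS+ header and validate the body length."""
    if len(packet) < 12:
        raise ValueError("shorter than the 12-byte TACACS+ header")
    version, ptype, seq_no, flags, session_id, length = struct.unpack("!BBBBII", packet[:12])
    if version >> 4 != 0xC:
        raise ValueError("major version is not 0xC")
    if length != len(packet) - 12:
        raise ValueError("length field does not match the body")
    return {"version": version, "type": TYPES.get(ptype, "unknown"), "seq_no": seq_no,
            "flags": flags, "session_id": session_id, "length": length}

def pseudo_pad(hdr: dict, key: bytes) -> bytes:
    """MD5 chain over session_id, shared key, version and seq_no, cut to body length."""
    seed = struct.pack("!I", hdr["session_id"]) + key + bytes([hdr["version"], hdr["seq_no"]])
    pad = block = b""
    while len(pad) < hdr["length"]:
        block = hashlib.md5(seed + block).digest()
        pad += block
    return pad[:hdr["length"]]

def clear_body(packet: bytes, key: bytes) -> bytes:
    """Recover the body; XOR with the pad is its own inverse, so this also obfuscates."""
    hdr = parse_header(packet)
    if hdr["flags"] & UNENCRYPTED:
        return packet[12:]
    return bytes(a ^ b for a, b in zip(packet[12:], pseudo_pad(hdr, key)))

def audit(packet: bytes) -> list:
    """Flag header settings that contradict the behaviour the guide describes."""
    flags, findings = parse_header(packet)["flags"], []
    if flags & UNENCRYPTED:
        findings.append("body sent in clear text")
    if flags & SINGLE_CONNECT:
        findings.append("single-connection mode requested")
    return findings

def build(ptype, seq_no, flags, session_id, body, key):
    """Assemble a constructed sample packet for offline testing."""
    header = struct.pack("!BBBBII", 0xC0, ptype, seq_no, flags, session_id, len(body))
    return header + (body if flags & UNENCRYPTED else clear_body(header + body, key))
```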