Configuring Tacacs+ Aaa Services - Cisco ASR 5500 Administration Manual

Configuring TACACS+ AAA Services

Important
Configuring TACACS+ AAA Services
This section provides an example of how to configure TACACS+ AAA services for administrative users on
the system.
When configuring TACACS+ AAA services for the first time, the administrative user must use
Caution
non-TACACS+ services to log into the ASR 5x00. Failure to do so will result in the TACACS+ user being
denied access to the system.
Log in to the system using non-TACACS+ services.
Use the example below to configure TACACS+ AAA services on the system:
configure
tacacs mode
server priority priority_number ip-address tacacs+srvr_ip_address
end
Note:
• server priority priority_number: Must be an integer from 1 to 3 (releases prior to 18.2) or 1 through
• ip-address: Must be the IPv4 address of a valid TACACS+ server that will be used for authenticating
• By default, the TACACS+ configuration will provide authentication, authorization, and accounting
Enable TACACS+ on the ASR 5x00:
configure
aaa tacacs+
end
Save the configuration as described in the Verifying and Saving Your Configuration chapter.
Important
ASR 5500 System Administration Guide, StarOS Release 19
46
For instructions on defining users and administrative privileges on the system, refer to Configuring System
Administrative Users.
4 (releases 18.2+), that specifies the order in which this TACACS+ server will be tried for TACACS+
authentication. 1 is the highest priority, and 3 or 4 is the lowest. The priority number corresponds to a
configured TACACS+ server.
administrative users accessing this system via TACACS+ AAA services.
services.
For complete information on all TACACS+ Configuration Mode commands and options, refer to the
TACACS Configuration Mode Commands chapter in the Command Line Reference.
System Settings