Configuring TACACS+ Authentication on the Switch
1. Configure the IPv4 addresses of the Primary and Secondary TACACS+ servers, and
enable TACACS authentication. Specify the interface port (optional).
   RS G8264(config)# tacacs-server primary-host 10.10.1.1
   RS G8264(config)# tacacs-server primary-host mgt-port
   RS G8264(config)# tacacs-server secondary-host 10.10.1.2
   RS G8264(config)# tacacs-server secondary-host data-port
   RS G8264(config)# tacacs-server enable
Note: You can use a configured loopback address as the source address so the
TACACS+ server accepts requests only from the expected loopback address block.
Use the following command to specify the loopback interface:
   RS G8264(config)# ip tacacs source-interface loopback <1-5>
2. Configure the TACACS+ secret and second secret.
   RS G8264(config)# tacacs-server primary-host 10.10.1.1 key <1-32 character secret>
   RS G8264(config)# tacacs-server secondary-host 10.10.1.2 key <1-32 character secret>
3. If desired, you may change the default TCP port number used to listen to
TACACS+. The well-known port for TACACS+ is 49.
   RS G8264(config)# tacacs-server port <TCP port number>
4. Configure the number of retry attempts, and the timeout period.
   RS G8264(config)# tacacs-server retransmit 3
   RS G8264(config)# tacacs-server timeout 5
© Copyright Lenovo 2016
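Added example, not part of the Lenovo guide: a Python check that reads a saved configuration and reports which settings from steps 1 to 3 are missing or changed from the default. It assumes the saved text contains the same command lines that are entered at the CLI; the function name audit_tacacs and the sample configuration are constructed for illustration.

```python
import re

# Constructed sample input. Assumption: the saved configuration lists the
# same command lines that the procedure above enters at the CLI.
SAMPLE_CONFIG = """\
tacacs-server primary-host 10.10.1.1
tacacs-server primary-host 10.10.1.1 key EXAMPLE-SECRET
tacacs-server secondary-host 10.10.1.2
tacacs-server port 4949
"""

HOST = re.compile(r"tacacs-server (primary|secondary)-host "
                  r"(\d{1,3}(?:\.\d{1,3}){3})(?: key (\S+))?$")
PORT = re.compile(r"tacacs-server port (\d+)$")


def audit_tacacs(config_text):
    """Return findings for steps 1-3 of the procedure, in a fixed order."""
    hosts, keyed, port = {}, set(), 49      # 49 is the well-known port
    enabled = loopback = False
    for line in (raw.strip() for raw in config_text.splitlines()):
        if m := HOST.match(line):
            role, addr, key = m.groups()
            hosts[role] = addr
            if key:                          # secret set for this server
                keyed.add(role)
        elif m := PORT.match(line):
            port = int(m.group(1))
        elif line == "tacacs-server enable":
            enabled = True
        elif line.startswith("ip tacacs source-interface loopback "):
            loopback = True
    findings = []
    for role in ("primary", "secondary"):
        if role not in hosts:
            findings.append(f"{role} server not configured")
        elif role not in keyed:
            findings.append(f"{role} server {hosts[role]} has no secret")
    if not enabled:
        findings.append("TACACS+ authentication is not enabled")
    if not loopback:                         # optional per the Note; informational
        findings.append("no loopback source interface set")
    if port != 49:                           # allowed by step 3; informational
        findings.append(f"non-default TCP port {port}")
    return findings


if __name__ == "__main__":
    print("\n".join(audit_tacacs(SAMPLE_CONFIG)))
```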
Chapter 5: Authentication & Authorization Protocols