Table of Contents
Advertisement
Chapter 28
Configuring RADIUS and TACACS+
S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m .
TACACS+ custom attributes can be defined on an Access Control Server (ACS) for various services (for
Note
example, shell). Cisco MDS 9000 Family switches require the TACACS+ custom attribute for the service
shell to be used for defining roles.
Supported TACACS+ Servers
The Cisco SAN-OS software currently supports the following parameters for the listed TACACS+
servers:
•
•
•
Displaying TACACS+ Server Details
Use the show tacacs+ commands to display configurations for the TACACS+ protocol configuration in
all switches in the Cisco MDS 9000 Family (see Examples
Example 28-4 Displays Configured TACACS+ Server Information
switch# show tacacs-server
Global TACACS+ shared secret:***********
timeout value:30
total number of servers:3
following TACACS+ servers are configured:
Example 28-5 Displays AAA Authentication Information
switch# show aaa authentication
OL-8222-01, Cisco MDS SAN-OS Release 3.x
TACACS+
cisco-av-pair=shell:roles="network-admin"
Cisco ACS TACACS+
shell:roles="network-admin"
shell:roles*"network-admin"
cisco-av-pair*shell:roles="network-admin"
cisco-av-pair*shell:roles*"network-admin"
cisco-av-pair=shell:roles*"network-admin"
Open TACACS+
cisco-av-pair*shell:roles="network-admin"
cisco-av-pair=shell:roles*"network-admin"
171.71.58.91:
available on port:2
cisco.com:
available on port:49
171.71.22.95:
available on port:49
TACACS+ shared secret:*****
default: group TacServer local none
console: local
iscsi: local
dhchap: local
28-4
to 28-8).
Cisco MDS 9000 Family CLI Configuration Guide
Configuring TACACS+
28-13
Advertisement
Table of Contents
