Table of Contents
Advertisement
Media Flow Controller CLI Commands
tacacs-server
TACACS+ (Terminal Access Controller Access-Control System Plus) is a protocol that
provides access control for routers, network access servers and other networked computing
devices via one or more centralized servers. TACACS+ provides separate authentication,
authorization and accounting services. TACACS+ servers are tried in the order they are
configured.
tacacs-server
host <IP_address>
auth-port <port>
auth-type {ascii | pap}
key <string>
prompt-key
retransmit <retries>
timeout <seconds>
key [<key_string>]
retransmit <retries>
timeout <seconds>
Notes:
•
host <IP_address>
authentication. Some of the arguments given may override the configured global defaults
for all TACACS+ servers. Use no tacacs-server host <IP_address> to delete all
TACACS+ servers with the specified IP address. To refine which host is deleted, no
tacacs-server host <IP_address> auth-port <port> may be specified.
•
auth-port
IP address can be used in more than one tacacs-server host command as long as
the auth-port is different for each. A UDP port number, auth-port must be specified
immediately after the host option (if present). Default is 49.
•
auth-type
authentication methods (ascii or pap) to use. Default is pap.
•
key
communicate with any TACACS+ server. If unspecified, the user is prompted for it.
•
prompt-key
the key, with the entry echoed as asterisk (*) characters, for greater security.
•
retransmit
client attempts to authenticate with any TACACS+ server. Range is 0-5, default is 1.
Set to 0 to disable retransmissions.
•
timeout
retransmitting a request to any TACACS+ server. Range is 1-60, default is 3.
•
—Sets, or clears (with no), a global communication value for all TACACS+ servers.
key
Can be overridden in a tacacs-server host command. Sets the shared secret text string
used to communicate with any TACACS+ server. If the positive form of the private key
command is used with no key, the user is prompted for the key. Entries made at this
prompt echo the asterisk (*) character, and the user must enter the same string twice.
•
retransmit
TACACS+ servers. Can be overridden in a tacacs-server host command. Range is 0-5,
368
tacacs-server
—Add a TACACS+ server to the set of servers used for
—For this host, sets or clears (with no) the port for TACACS+. The same
—For this host, specify which of the two currently supported
—For this host, set, or clear (with no), the shared secret text string used to
—Mutually exclusive with key <string>. It requests to be prompted for
—For this host, set or reset to 0 (zero) (with no), the number of times the
—For this host, set or reset to default (with no), the wait time for
—Sets, or resets to 0 (zero) (with no), a global communication value for all
Media Flow Controller Administrator's Guide
Copyright © 2010, Juniper Networks, Inc.
Advertisement
Chapters
Table of Contents
Troubleshooting
