TACACS+ Configuration
The service name and attribute‐value pairs can be any character string, and are determined by
your TACACS+ server configuration.
Since a task ID is associated with each accounting session, if there is a failover to a backup server,
the accounting information will still be associated with the correct session using the task ID.
Examples
This example configures the service requested by the TACACS+ client as the service name "basic."
C3(rw)->set tacacs session authorization service basic
This example maps the read‐write access privilege level to an attribute named "priv‐lvl" with the
value of 5 configured on the TACACS+ server.
C3(rw)->set tacacs session authorization read-write priv-lvl 5
This example enables TACACS+ session accounting.
C3(rw)->set tacacs session accounting enable
clear tacacs session
Use this command to return the TACACS+ session authorization settings to their default values.
Syntax
clear tacacs session authorization {[service]|[read-only]|[read-write] |
[super-user]}
Parameters
authorization
service
read‐only
read‐write
super‐user
Defaults
At least one of the session authorization parameters must be specified.
Mode
Switch command, Read‐Write.
Examples
This example shows how to return the service name to the default of "exec."
C3(rw)->clear tacacs session authorization service
This example shows how to return all the session authorization parameters to their default values.
C3(rw)->clear tacacs session authorization service read-only read-write super-
user
27-8
Clears the TACACS+ session authorization parameters.
Clears the TACACS+ session authorization service name to the default
value of "exec."
Clears the TACACS+ session authorization read‐only attribute‐value
pair to their default values of "priv‐lvl" and 0.
Clears the TACACS+ session authorization read‐write attribute‐value
pair to their default values of "priv‐lvl" and 1.
Clears the TACACS+ session authorization super‐user attribute‐value
pair to their default values of "priv‐lvl" and 15.
clear tacacs session