system tacacs—Configure the properties of a TACACS+ server that is used in conjunction with AAA to authorize and authenticate users who attempt to access Viptela devices.
vManage Feature Template
For all Viptela devices:
Configuration ► Templates ► AAA
system tacacs authentication password-authentication server ip-address auth-port port-number priority number secret-key password source-interface interface-name vpn vpn-id timeout seconds
- Address of TACACS+ Server
- server ip-address
IP address of a TACACS+ server host in the local network. You can configure up to 8 TACACS+ servers.
- Authentication Key
- secret-key password
Key to use for authentication and encryption between the Viptela device and the TACACS+ server. You type the key as a text string from 1 to 32 characters long, and it is immediately encrypted, or you can type an AES 128-bit encrypted key. The key must match the encryption key used on the TACACS+ server.
- Destination Port for Authentication Requests
- auth-port port-number
UDP destination port to use for authentication requests to the TACACS+ server. If the server is not used for authentication, configure the port number to be 0. If you do not configure a port number, the default TACACS+ authentication port, 49, is used.
- Interface To Use To Reach Server
- source-interface interface-name
Interface on the local device to use to reach the TACACS+ server.
- Password Authentication
- authentication authentication-type
Set the type of authentication to use for the server password. The default authentication type is PAP. You can change it to ASCII.
- Server Priority
- priority number
Set the priority of a TACACS+ server, as a means of choosing or load balancing among multiple TACACS+ servers. A server with a lower priority number is preferred over one with a higher number.
Range: 0 through 7
- Time to Wait for Replies from Server
- timeout seconds
Configure the interval, in seconds, that the Viptela device waits to receive a reply from the TACACS+ server before retransmitting a request.
Range: 1 through 1000
Default: 5 seconds
- VPN where Server Is Located
- vpn vpn-id
VPN in which the TACACS+ server is located or through which the server can be reached. If you configure multiple TACACS+ servers, they must all be in the same VPN.
Range: 0 through 65530
Default: VPN 0
vEdge(config)# system tacacs
vEdge(config-tacacs)# server 220.127.116.11 secret-key $4$aCGzJg5k6M8zj4BgLEFXKw==
vEdge(config-server-18.104.22.168)# exit
vEdge(config-tacacs)# exit
vEdge(config-system)# aaa auth-order local tacacs
vEdge(config-aaa)# exit
vm5(config-system)# show configuration
system
 aaa
  auth-order local tacacs
 !
 tacacs
  server 22.214.171.124
   secret-key $4$aCGzJg5k6M8zj4BgLEFXKw==
   vpn 1
  exit
 !
!
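The constraints listed above (at most 8 servers, priority 0 through 7, timeout 1 through 1000, VPN 0 through 65530, a 1 to 32 character clear-text secret key, and all servers in one VPN) are easy to violate when templates are assembled by hand. The following is an added Python check, not Viptela code: it parses the indented show configuration layout shown above and reports each violation. The server addresses are constructed sample values, and the same-VPN check assumes the documented default of VPN 0 when no vpn line is present.

```python
# Limits stated in the system tacacs reference above (default VPN is 0).
MAX_SERVERS = 8
RANGES = {"priority": (0, 7), "timeout": (1, 1000), "vpn": (0, 65530)}
# Constructed sample (not from the page): one priority out of range, servers in two VPNs.
SAMPLE = """system
 tacacs
  server 192.0.2.10
   secret-key $4$aCGzJg5k6M8zj4BgLEFXKw==
   priority 9
   vpn 1
  exit
  server 192.0.2.11
   secret-key tacacs-shared-key
  exit
 !
!
"""

def parse_tacacs_servers(config_text):
    servers, current, in_tacacs = [], None, False
    for raw in config_text.splitlines():
        line = raw.strip()
        if line == "tacacs":
            in_tacacs = True
        elif not in_tacacs:
            continue
        elif line.startswith("server "):
            current = {"server": line.split(None, 1)[1]}
            servers.append(current)
        elif line in ("exit", "!"):
            in_tacacs = current is not None  # a closer with no open server leaves the tacacs block
            current = None
        elif current is not None and " " in line:
            key, value = line.split(None, 1)
            current[key] = value
    return servers

def lint_tacacs(config_text):
    servers = parse_tacacs_servers(config_text)
    findings = [f"{len(servers)} servers; maximum is {MAX_SERVERS}"] if len(servers) > MAX_SERVERS else []
    for s in servers:
        for key, (lo, hi) in RANGES.items():
            if key in s and not (s[key].isdigit() and lo <= int(s[key]) <= hi):
                findings.append(f"{s['server']}: {key} {s[key]} outside {lo}-{hi}")
        secret = s.get("secret-key", "")  # a $4$ value is an already-encrypted key of any length
        if not secret.startswith("$4$") and not 1 <= len(secret) <= 32:
            findings.append(f"{s['server']}: secret-key missing or longer than 32 characters")
    vpns = sorted({s.get("vpn", "0") for s in servers})
    if len(vpns) > 1:
        findings.append(f"servers span VPNs {vpns}; all TACACS+ servers must share one VPN")
    return findings
```

An empty list from lint_tacacs means the stanza satisfies every limit documented above; the sample produces one priority finding and one same-VPN finding.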
Command introduced in Viptela Software Release 14.2.
source-interface command added in Release 14.3.
In Release 15.3.8, add secret-key command and deprecate key command.
In Release 16.2.2, add authentication and priority commands.