DES-7200 Configuration Guide Chapter 3 TACACS+ Configuration
3-5
3.3 TACACS+
Configuration Task
The following tasks must be executed before configuring TACACS+ on the network
device:
z Use aaa new-mode to enable AAA. AAA must be enabled before using
TACACS+; for the information how to enable aaa new-mode, please refer to
AAA Overview.
z Use tacacs-server host to configure one or multiple tacacs+ servers.
z Use tacacs-server key to specify server and NAS shared key.
z Use tacacs-server timeout to specify timeout time waiting for the server reply;
z Use tacacs-server directed-request to enable the function of supporting the user
to specify authentication server.
z If you need to authenticate, use aaa authentication to define using TACACS+
identity authentication method list. For the detailed information, please refer to
authentication configuration.
z If you need to authorize, use aaa authorization to define using TACACS+
authorization method list. For the detailed information, please refer to
authorization configuration.
z If you need to account, use aaa accounting to define using TACACS+
accounting method list. For the detailed information, please refer to accounting
configuration.
z You shall use the defined authentication list in the specified line, or you use the
list by default.
3.3.1 Configuring TACACS+
Protocol Parameter
You need to ensure that the network communication of TACACS+ server runs well
before configuring TACACS+ on the network device. Use the following commands to
configure TACACS+ protocol parameters:
Command Function
configure terminal
Enter the global configuration mode.
aaa group server tacacs+
group-name
Configure TACACS+ group server, dividing
different TACACS+ server into different groups.