Support User Manuals

Nortel Networks BSGX4e Network Router User Manual

Open as PDF

of 184

Tacplus command 3 Configuration commands

166 NN47928-107

tacplus client

This command provides additional security when logging in to the BSGX4e.

When a log in is externally authenticated, a client in the device sends the

log in information to an external server for authentication.

Note: When external authentication is used for a user account, the external

server defines the password required for log in using the account. The

password command can change the internal password stored for the

account, but this password is not used for authentication and so the

effective password is not changed.

One external authentication method uses the TACACS+ protocol to provide

authentication services. Normal operation fully encrypts the body of the

packet for secure communication. It uses TCP port 49.

The TACACS+ client in the BSGX4e is compatible with standard TACACS+

servers, maps TACACS+ authentication records to users by their user

account name, can reference up to twenty TACACS+ authentication

records, and provides ASCII log in authentication.

Syntax config tacplus client [admin|user] enabled [yes|no] server <ip

address|fqdn> key “<command name>”

Parameters admin|user Enter the name of the user account to which

the authentication record applies.

enabled yes|no Enable/disable TACACS+ for the user. The

default is no.

server ip address|fqdn

Enter the IP address or FQDN of the TACACS+

server.

key “command name”

Enter a shared key for the client as determined

by the server. If the key includes a space

character, enclose the key value in double-

quote characters (“ ”).

Example The following example creates an authentication record for user account

TACuser. It assumes that the user account TACuser has been configured

and TACACS+ has been specified as its authentication method. See user

accounts on page 169 for more information on configuring user accounts.

> config tacplus client tacuser

Entering interactive mode: ctrl^z | 'exit', ctrl^c | 'quit'

TAB to cycle parameter options

tacplus-cl-TACu#> enabled yes

tacplus-cl-TACu#> server 172.29.19.56

tacplus-cl-TACu#> key “tacacskey”

tacplus-cl-TACu#> exit

Related

commands

del tacplus client

display tacplus client

show tacplus client

show user accounts

previous next