Miscellaneous Procedures > Configuring Groups on LDAP, NTLM, RADIUS, and TACACS+ Authentication Servers > Configuring a TACACS+ Authentication Server on the Command Line

Configuring a TACACS+ Authentication Server on the Command Line
The following list defines the values that must be defined when configuring a TACACS+ authentication server.
authhost1: IP address of the TACACS+ authentication server. A second TACACS+ authentication server can be configured with the parameter authhost2.
accthost1: IP address of a TACACS+ accounting server, which can be used to track how long users are connected after being authorized by the authentication server. Its use is optional. If this parameter is not defined, accounting is not be performed. If the same server is used for authentication and accounting, both parameters must be defined with the same address. A second TACACS+ accounting server can be configured with the parameter accthost2.
secret: The shared secret (password) necessary for communication between the OnSite and the TACACS+ servers.
encrypt: The default is 1, enable encryption. 0 means disable encryption.
service: The service to be enabled, in this case: “raccess.”
protocol: The default is lcp (line control protocol). Specify another parameter if required.
timeout: The timeout (in seconds) for a TACACS+ authentication query to be answered.
retries : Defines the number of times a TACACS+ server is tried before another is contacted. The first server authhost1 is tried for the specified number of times, before the second authhost2, if configured, is contacted and tried for the specified number of times. If the second server fails to respond or if no second server is configured, TACACS+ authentication fails.
To Configure a TACACS+ Authentication Server on the Command Line
1.
authhost1=TACACS+_ authentication_server_IP
accthost1=TACACS+_ accounting_server_IP
secret= secret
Note: If configuring group access on the TACACS+ authentication server, service must be defined as raccess.
2.

Miscellaneous Procedures > Configuring Groups on LDAP, NTLM, RADIUS, and TACACS+ Authentication Servers > Configuring a TACACS+ Authentication Server on the Command Line