Vyatta Network OS Documentation


VRF support for TACACS+

An overview of VRF support for TACACS+ and configuration examples.

TACACS+ must run on a single routing instance. When you configure TACACS+ without specifying an instance, the TACACS+ servers start in the default routing instance. If you specify a nondefault routing instance, you must verify that all TACACS+ servers configured for AAA are reachable from the same routing instance.

The following examples show excerpts of TACACS+ configurations that use these values:
  • routing instance = BLUE
  • TACACS+ servers 10.10.30.24 (TAC-1) and 10.10.30.25 (TAC-2)
  • secret = secured

In the following example, the TACACS+ servers start in the default routing instance.

vyatta@R1# set system login tacplus-server 10.10.30.24 secret secured
vyatta@R1# set system login tacplus-server 10.10.30.25 secret secured
vyatta@R1# commit
vyatta@R1# run show configuration
system {
        login {
                tacplus-server 10.10.30.24 {
                        secret "********"
                }
                tacplus-server 10.10.30.25 {
                        secret "********"
                }
                user vyatta {
                        authentication {
                                encrypted-password "********"
                        }
                        level superuser
                }
        }
}

The following example shows how to configure the same servers to run in the BLUE routing instance.

vyatta@R1# set routing routing-instance BLUE system login tacplus-server 10.10.30.24 secret secured
vyatta@R1# set routing routing-instance BLUE system login tacplus-server 10.10.30.25 secret secured
vyatta@R1# commit
vyatta@R1# run show configuration
routing {
        routing-instance BLUE {
                system {
                        login {
                                tacplus-server 10.10.30.24 {
                                        secret "********"
                                }
                                tacplus-server 10.10.30.25 {
                                        secret "********"
                                }
                        }
                }
        }
}

For more information about TACACS+ and configuring TACACS+, see Ciena Vyatta Network OS Basic System Configuration Guide.
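
One way to check the single-instance requirement against saved show configuration output, as an added example that is not part of the Vyatta documentation. The function names and the sample text are constructed for illustration, and the parser assumes the brace-delimited layout shown in the examples above.

```python
import re
# Constructed sample (not from a real device): servers split across two instances.
SAMPLE = '''
system {
        login {
                tacplus-server 10.10.30.24 {
                        secret "********"
                }
        }
}
routing {
        routing-instance BLUE {
                system {
                        login {
                                tacplus-server 10.10.30.25 {
                                        secret "********"
                                }
                        }
                }
        }
}
'''

def tacplus_instances(config_text):
    """Map routing instance ('default' if none) to its TACACS+ servers."""
    stack, found = [], {}
    for line in config_text.splitlines():
        line = line.strip()
        if line.endswith("{"):
            stack.append(line[:-1].strip())
            m = re.fullmatch(r"tacplus-server (\S+)", stack[-1])
            if m and stack[-3:-1] == ["system", "login"]:
                inst = next((s.split()[1] for s in stack
                             if s.startswith("routing-instance ")), "default")
                found.setdefault(inst, []).append(m.group(1))
        elif line == "}":
            if not stack:
                raise ValueError("unbalanced braces in configuration")
            stack.pop()
    if stack:
        raise ValueError("unclosed block: " + stack[-1])
    return found

def single_instance(config_text):
    """True when all TACACS+ servers are in one routing instance."""
    return len(tacplus_instances(config_text)) <= 1

if __name__ == "__main__":
    print(tacplus_instances(SAMPLE), single_instance(SAMPLE))
```

A result with more than one key means TACACS+ servers are defined in more than one routing instance, which conflicts with the requirement that TACACS+ run on a single routing instance.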