VRF support for TACACS+

An overview of VRF support for TACACS+ and configuration examples.

TACACS+ must run on a single routing instance. When you configure TACACS+ without specifying an instance, the TACACS+ servers start in the default routing instance. If you specify a nondefault routing instance, you must verify that all TACACS+ servers configured for AAA are reachable from the same routing instance.

The following examples show excerpts of TACACS+ configurations that use these values:
  • routing instance = BLUE
  • TACACS+ servers 10.10.30.24 (TAC-1) and 10.10.30.25 (TAC-2)
  • secret = secured

In the following example, the TACACS+ servers start in the default routing instance.

vyatta@R1# set system login tacplus-server 10.10.30.24 secret secured
vyatta@R1# set system login tacplus-server 10.10.30.25 secret secured
vyatta@R1# commit
vyatta@R1# run show configuration
system {
        login {
                tacplus-server 10.10.30.24 {
                        secret "********"
                }
                tacplus-server 10.10.30.25 {
                        secret "********"
                }
                user vyatta {
                        authentication {
                                encrypted-password "********"
                        }
                        level superuser
                }
        }
}

The following example shows how to configure the same servers to run in the BLUE routing instance.

vyatta@R1# set routing routing-instance BLUE system login tacplus-server 10.10.30.24 secret secured
vyatta@R1# set routing routing-instance BLUE system login tacplus-server 10.10.30.25 secret secured
vyatta@R1# commit
vyatta@R1# run show configuration
routing {
        routing-instance BLUE {
                system {
                        login {
                                tacplus-server 10.10.30.24 {
                                        secret "********"
                                }
                                tacplus-server 10.10.30.25 {
                                        secret "********"
                                }
                        }
                }
        }
}

For more information about TACACS+ and configuring TACACS+, see the Ciena Vyatta Network OS Basic System Configuration Guide.
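
The single-instance requirement above can be checked offline against saved configuration output. The following is an added example, not part of the Vyatta documentation or product: it assumes the input is `show configuration` text in the brace format shown above, and the function names and the sample configuration are constructed for illustration.

```python
# Added example: lint `show configuration` output for the single-instance rule.
# Constructed sample: one server in the default instance, one in BLUE.
SAMPLE_SPLIT = """\
system {
    login {
        tacplus-server 10.10.30.24 {
            secret "********"
        }
    }
}
routing {
    routing-instance BLUE {
        system {
            login {
                tacplus-server 10.10.30.25 {
                    secret "********"
                }
            }
        }
    }
}
"""


def tacplus_instances(config_text):
    """Return {routing instance: [TACACS+ server, ...]} from brace-format config."""
    stack, found = [], {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if line.endswith("{"):
            stack.append(line[:-1].split() or ["?"])
            node, parents = stack[-1], [n[0] for n in stack[-3:-1]]
            if node[0] == "tacplus-server" and len(node) == 2 and parents == ["system", "login"]:
                # An enclosing "routing-instance NAME" node names the instance;
                # without one the server belongs to the default instance.
                inst = next((n[1] for n in stack if n[0] == "routing-instance" and len(n) == 2), "default")
                found.setdefault(inst, []).append(node[1])
        elif line == "}" and stack:
            stack.pop()
    return found


def check_single_instance(config_text):
    """Return (ok, mapping); ok is False when servers span several instances."""
    found = tacplus_instances(config_text)
    return len(found) <= 1, found


if __name__ == "__main__":
    ok, found = check_single_instance(SAMPLE_SPLIT)
    print("OK" if ok else "TACACS+ servers split across instances:", found)
```

A passing result only shows that all servers are configured under one instance; reachability of each server from that instance still has to be verified on the device.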