Vyatta documentation

Learn how to install, configure, and operate the Vyatta Network Operating System (Vyatta NOS) and Orchestrator, which help drive our virtual networking and physical platforms portfolio.

Configuring a system for a TACACS+ authentication server

This section provides a sample configuration of a vRouter for a TACACS+ authentication server, as shown in the following figure.

Figure 1. Configuration of a TACACS+ authentication server

The example shows how to define a TACACS+ authentication server at the 10.10.30.24 IP address. The system is to access the TACACS+ server by using a secret of vX87ssd9Z. Configuring the server address and the secret are the minimal configuration requirements. The port and timeout values can be changed, if required. The default port is 49 and the default timeout is 3 seconds.

Note: Carefully select the shared secret because this secret (string of characters) prevents snooping attacks on passwords. This secret, or key, is used on every packet, so it is important to choose a key that makes brute-force attacks more difficult; this key should be harder to guess than any password on the system.

To define this TACACS+ authentication server, perform the following steps in configuration mode. Run $ configure to enter the configuration mode.

Table 1. Configuring a system for a TACACS+ authentication server
Step Command

Provide the location of the server and the secret to be used to access it.

vyatta@R1# set system login tacplus-server 10.10.30.24 secret vX87ssd9Z

Commit the change.

vyatta@R1# commit

Save the configuration so that the changes persist after reboot.

vyatta@R1# save

Saving configuration to '/config/config.boot'...
Done

Show the contents of the system tacplus-server configuration node.

vyatta@R1:~$ show system login tacplus-server

tacplus-server 10.10.30.24 {
    secret "********" 
}

Show the status of TACACS+.

vyatta@R1:~$ show system tacplus status  

Server address: 10.10.30.24 (active)
Server port: 49 
Authentication requests/replies: 1/1 
Authorization requests/replies: 2/2 
Accounting requests/replies: 5/5 
Failed connects: 0
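
To check the status output from the last step automatically, the following Python script parses the text printed by show system tacplus status and flags unanswered requests, failed connects, or a server that is not active. It is an added example, not part of the Vyatta documentation or product. The sample text is constructed, and treating each "Server address" line as the start of a new server block is an assumption.

```python
import re

# Constructed sample in the format printed by "show system tacplus status";
# the counter values are made up to exercise the checks below.
SAMPLE = """\
Server address: 10.10.30.24 (active)
Server port: 49
Authentication requests/replies: 4/4
Authorization requests/replies: 9/7
Accounting requests/replies: 20/20
Failed connects: 3
"""

COUNTER = re.compile(r"^(\w+) requests/replies:\s*(\d+)/(\d+)$")
ADDRESS = re.compile(r"^Server address:\s*(\S+)(?:\s+\((\w+)\))?$")


def parse_status(text):
    """Split the output into one dict per 'Server address' block (assumed layout)."""
    servers = []
    for line in text.splitlines():
        line = line.strip()  # the CLI output may carry trailing spaces
        if m := ADDRESS.match(line):
            servers.append({"address": m[1], "state": m[2], "counters": {}})
        elif not servers:
            continue  # ignore anything before the first server block
        elif m := COUNTER.match(line):
            servers[-1]["counters"][m[1].lower()] = (int(m[2]), int(m[3]))
        elif line.startswith("Failed connects:"):
            servers[-1]["failed_connects"] = int(line.split(":", 1)[1])
    return servers


def findings(server):
    """Return a list of problems for one parsed server block (empty if healthy)."""
    out = []
    if server["state"] != "active":
        out.append(f"state is {server['state']!r}, expected 'active'")
    for kind, (sent, got) in server["counters"].items():
        if got < sent:
            out.append(f"{kind}: {sent - got} of {sent} requests unanswered")
    if server.get("failed_connects", 0) > 0:
        out.append(f"{server['failed_connects']} failed connects")
    return out


if __name__ == "__main__":
    for srv in parse_status(SAMPLE):
        for problem in findings(srv) or ["ok"]:
            print(f"{srv['address']}: {problem}")
```
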