TACACS Settings EcoNAT Documentation / Quick system start / TACACS Settings
The connection settings for the TACACS server are located in the system tacacs branch of the configuration tree. In order to activate the device connection to the TACACS server, the enable parameter must be set in this branch.
In EcoNAT, you can configure two TACACS servers (primary and secondary) - server1 and server2.
The list of configurable parameters for connecting to a TACACS server is shown in the table below.
| Parameter | Description |
|---|---|
enable | disable | Active or not connection to the TACACS server |
| server <IP address> | Address of the TACACS server. An IP address or domain name can be specified |
| secret <PASS> | Password to connect to the TACACS server. It is stored in an encrypted configuration |
| fallback {on | off} | In the event that the TACACS authorization fails, it will be attempted to find the user in the local database:
|
| accounting {on | off} | Enabling and disabling user account authorization through TACACS |
| service_type <TYPE> | Service Type. Must match the type of service specified in the settings of the TACACS server |
| protocol <PROTOCOL> | Protocol. Must match the specified in the settings of the TACACS server |
Configuration example:
MyEcoNAT:44:system.tacacs# ls
timeout 5
fallback on
accounting off
service_type "shell"
protocol ""
server1
{disable
server "1.1.1.1"
secret "b4ff371e8df242ca5f09801e8d8d8e9cf3a6cb552eb024577026f2f007bdbbdc"
}
server2
{enable
server "2.2.2.2"
secret "e9d029b9851d3ed5334f01605e6041940960bae72c13237366edc9ce2fed432c"
}
The show tacacs command exists to view information about the current session. The command displays information about the current session on the console and about when the last connection to the TACACS server was made.
EcoNAT:20:> show tacacs
The current session is handled by TACACS server at 172.16.1.10:49
TACACS server was accessed 0 seconds ago