Reset Search



How to configure TACACS on a 200-Series switch

« Go Back


TitleHow to configure TACACS on a 200-Series switch
How to configure TACACS on a 200-Series switch
  • 200-Series
  • All firmware versions
  • Define the TACACS server IP address and secret:
(Extreme 210) #configure

(Extreme 210) (Config)#tacacs-server host [IP_ADDRESS]

(Extreme 210) (Tacacs)#key [SECRET]

(Extreme 210) (Tacacs)#exit
  • Specify source interface for TACACS to use:
(Extreme 210) (Config)#tacacs-server source-interface network
Note:  You can use a vlan interface, loopback interface, or serviceport as well.  In most cases "network" is what you want.  This will source the TACACS packets from the address defined in the "network parms" command.  "show network" to verify.
  • Configure the switch to use TACACS for telnet/ssh login:
(Extreme 210) (Config)#aaa authentication login networkList tacacs
Additional notes
"networkList" in the "aaa authentication" command is not an arbitrary value, it is the default list that is used for telnet/ssh connections.  We can see a breakdown of this by looking at "show authentication method":
(Extreme 210) (Config)#show authentication method

Login Authentication Method Lists
defaultList         :  local
networkList         :  tacacs

Enable Authentication Method Lists
enableList          :  enable   none
enableNetList       :  enable   deny

Line     Login Method List    Enable Method List
-------  -----------------    ------------------
Console  defaultList          enableList
Telnet   networkList          enableList
SSH      networkList          enableList

HTTPS       :local
HTTP        :local
DOT1X       :

We can create non-default lists and use those as well, but this is the simplest way to make it work.

In this scenario, console connections would still use local credentials for authentication.



Was this article helpful?



Please tell us how we can make this article more useful.

Characters Remaining: 255