Configuring tacacs – Extreme Networks 200 Series User Manual

Authenticating Users

Summit 200 Series Switch Installation and User Guide

69

Contents of the file “profiles”:

PROFILE1 deny

{

enable *, disable ipforwarding

show switch

}

PROFILE2

{

enable *, clear counters

show management

}

PROFILE3 deny

{

create vlan *, configure iproute *, disable *, show fdb

delete *, configure rip add

}

Configuring TACACS+

Terminal Access Controller Access Control System Plus (TACACS+) is a mechanism for providing
authentication, authorization, and accounting on a centralized server, similar in function to the RADIUS
client. The ExtremeWare version of TACACS+ is used to authenticate prospective users who are
attempting to administer the switch. TACACS+ is used to communicate between the switch and an
authentication database.

NOTE

You cannot use RADIUS and TACACS+ at the same time.

You can configure two TACACS+ servers, specifying the primary server address, secondary server
address, and UDP port number to be used for TACACS+ sessions.

Table 20 describes the commands that are used to configure TACACS+.