Forum Discussion
VFB
Cirrus
CirrusCLI for tacacs
Hi all, I need some assistance in configuring tacacs via CLI. I have it configured via GUI on my test box but I have a bunch more devices I need to configure it on and rather script it. Thanks in adv...
Brad_ParkerCirrus
CirrusThis should get you going
tmsh create auth tacacs system-auth { protocol ip secret YourSecret servers add { ACSserver1 ACSserver2 } service ppp}
VFBLooks like what I had initially, but I noticed I had to go into the GUI to change the user directory to "Remote - Tacacs+", External Users to "Administrator" and Terminal access to "tmsh". Is this something that can be done in CLI as well?- Brad_Parkertmsh modify auth source type tacacs AND tmsh modify auth remote-user default-role admin remote-console-access tmsh
- VFBVery close at this point. The only piece left is to change the user directory from Local to "Remote - TACACS+". The CLI still isn't straightforward with that piece of it.
- Brad_ParkerOk so the very first thing to do is auctually to CREATE the tacacs system-auth object. I have update the original tmsh command to be create rather than modify, since I assume you're starting from no defined tacacs config. After that is created, its as simple as "tmsh modify auth source type tacacs".
- VFBI got my devices configured, but noticed I'm still able to access the devices with local credentials. How can I configure to permit local creds only if tacacs servers are unreachable?
