Priority |
The TACACS+ server with the lowest priority is the first used for a TACACS+ AAA request. If there is no response or the access was denied (in the non-authoritative case only, see also tacacspSrvPolicy), the TACACS+ server with the next lowest priority will be used. The default value is 0. Range: 0 to 9 |
Address |
The TACACS+ server IP address. |
TcpPort |
The Login Host Protocol (TACACS) TCP port assigned by the IANA. |
Secret |
The shared secret between the TACACS+ server and the NAS (encryption key in the TACACS+ server's configuration file). Length: 0 to 255 |
Timeout |
The number of seconds to wait for an outstanding TACACS+ response. Default is three seconds. Range: 1 to 60 |
AdminStatus |
The administrative status of this TACACS+ server entry. If set to up(1), the associated server will be used for authentication, authorization and accounting according to the priority (see tacacspSrvPriority) and the current operational status (see tacacspSrvOperStatus). Otherwise this entry will not be considered for TACACS+ AAA requests. Enumerations: |
OperStatus |
The operational status of this TACACS+ server entry. The status blocked will be set after a failed TACACS+ request. If set to blocked(2) or down(3), this entry will not be considered for TACACS+ AAA requests. Enumerations: - up (1)
- blocked (2)
- down (3)
|
Policy |
If set to authoritative(1), a negative answer to a request will be accepted. This is not necessarily true when set to non-authoritative(2), where the next TACACS+ server will be asked until a server configured as authoritative(1) is finally reached. Enumerations: - authoritative (1)
- non-authoritative (2)
|
EncrMode |
If set to encrypt(1), the TACACS+ packet will be MD5 encrypted. Otherwise, if set to cleartext(2), the packet and therefore all related information will be sent unencrypted. This mode is intended for testing and is not recommended for normal use. Enumerations: |
MultiSession |
If enabled(1) multiple TACACS+ sessions (subsequent TACACS+ requests) may be supported simultaneously over a single TCP connection. If multiple sessions are not being multiplexed over a single TCP connection, a new connection will be opened for each TACACS+ session and closed at the end of that session. Enumerations: |
PppAuth |
Enables the PPP authentication for the associated TACACS+ server. Enumerations: |
LoginAuth |
Enables the login authentication (shell) for the associated TACACS+ server. Enumerations: |
Accounting |
Enables the TACACS+ accounting for the associated TACACS+ server. Enumerations: |
BlockTimeout |
Timeout in seconds for the blocked status (see also tacacspSrvOperStatus). When it expires, the operational status is set to up(1) or down(3) according to the current tacacspSrvAdminStatus. When set to zero, the operational status is never set to blocked. Range: 0 to 3600 |
AuthentNoResp |
Possible actions for the client when there is no response from the servers: allow the connection to the router by local login password (2), or stop the negotiation (3). Enumerations: - connection-bydefault (1)
- connection-bylocalloginpwd (2)
- connection-forbidden (3)
|
AuthentNegResp |
Possible actions for the client when there is a negative response from the servers: allow the connection to the router by local login password (2), or stop the negotiation (3). Enumerations: - connection-bydefault (1)
- connection-bylocalloginpwd (2)
- connection-forbidden (3)
|
PrivLvlOnLogin |
Configurable TACACS+ privilege level assigned after successful authentication procedure. This user-specific privilege level is needed for the subsequent command authorization request(s). Note that the user is free to change that initial privilege level via the 'enab<n>' command, provided that it's enabled on the TACACS+ server. If set to -1, this parameter will be ignored. Range: -1 to 15 |
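
The Secret, EncrMode and MultiSession settings above, seen on the wire: an added example (not part of the original reference or the vendor's code) that assumes the device follows the standard TACACS+ packet format of RFC 8907, where "MD5 encrypted" means the body is XORed with an MD5-derived pad keyed by the shared secret, and the cleartext and single-connection modes are header flag bits. The function names, session ID, secret and packet body are constructed for illustration.

```python
import hashlib
import struct

TAC_PLUS_UNENCRYPTED_FLAG = 0x01     # RFC 8907 flag: body is not obfuscated
TAC_PLUS_SINGLE_CONNECT_FLAG = 0x04  # RFC 8907 flag: several sessions per TCP connection
HEADER = struct.Struct("!BBBBII")    # version, type, seq_no, flags, session_id, length


def pseudo_pad(session_id, key, version, seq_no, length):
    """MD5_1 = MD5(session_id|key|version|seq_no); MD5_n appends MD5_(n-1)."""
    seed = struct.pack("!I", session_id) + key + bytes([version, seq_no])
    pad, block = b"", b""
    while len(pad) < length:
        block = hashlib.md5(seed + block).digest()
        pad += block
    return pad[:length]


def xor_body(body, key, session_id, version, seq_no):
    """Obfuscation and de-obfuscation are the same XOR with the pad."""
    pad = pseudo_pad(session_id, key, version, seq_no, len(body))
    return bytes(b ^ p for b, p in zip(body, pad))


def build_packet(body, key, session_id, flags=0, seq_no=1, pkt_type=1, version=0xC0):
    """Build header + body; the body stays readable if the unencrypted flag is set."""
    if not flags & TAC_PLUS_UNENCRYPTED_FLAG:
        body = xor_body(body, key, session_id, version, seq_no)
    return HEADER.pack(version, pkt_type, seq_no, flags, session_id, len(body)) + body


def audit_packet(packet, key=None):
    """Report the header flags; recover the body only when the secret is supplied."""
    version, _type, seq_no, flags, session_id, length = HEADER.unpack_from(packet)
    body = packet[HEADER.size:HEADER.size + length]
    unencrypted = bool(flags & TAC_PLUS_UNENCRYPTED_FLAG)
    if not unencrypted and key is not None:
        body = xor_body(body, key, session_id, version, seq_no)
    return {"unencrypted": unencrypted, "body": body,
            "single_connect": bool(flags & TAC_PLUS_SINGLE_CONNECT_FLAG)}


if __name__ == "__main__":
    secret = b"constructed-secret"                       # constructed sample values
    sample = b"constructed authen body user=alice"
    for flags in (0, TAC_PLUS_UNENCRYPTED_FLAG):
        pkt = build_packet(sample, secret, 0x1234ABCD, flags)
        print(audit_packet(pkt), audit_packet(pkt, secret)["body"])
```

A monitoring check on flag bit 0x01 in TACACS+ headers identifies a server entry left in cleartext(2) mode; the XOR pad hides the body but adds no integrity protection.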