API Guide
● (Optional) By default, the switch uses the default VRF instance to communicate with TACACS+ servers. You can optionally
configure a non-default or the management VRF instance for TACACS+ authentication in CONFIGURATION mode.
tacacs-server vrf management
tacacs-server vrf vrf-name
Configure TACACS+ server
OS10(config)# tacacs-server host 1.2.4.5 key mysecret
OS10(config)# ip tacacs source-interface loopback 2
Configure TACACS+ server for non-default VRFs
OS10(config)# ip vrf blue
OS10(conf-vrf)# exit
OS10(config)# tacacs-server vrf blue
View TACACS+ server configuration
OS10# show running-configuration
...
tacacs-server host 1.2.4.5 key 9
3a95c26b2a5b96a6b80036839f296babe03560f4b0b7220d6454b3e71bdfc59b
ip tacacs source-interface loopback 2
...
Delete TACACS+ server
OS10# no tacacs-server host 1.2.4.5
Enable AAA accounting
To record information about all user-entered commands, use the AAA accounting feature — not supported for RADIUS
accounting. AAA accounting records login and command information in OS10 sessions on console connections using the
console option and remote connections using the default option, such as Telnet and SSH.
AAA accounting sends accounting messages:
● Sends a start notice when a process begins, and a stop notice when the process ends using the start-stop option
● Sends only a stop notice when a process ends using the stop-only option
● No accounting notices are sent using the none option
● Logs all accounting notices in syslog using the logging option
● Logs all accounting notices on configured TACACS+ servers using the group tacacs+ option
Enable AAA accounting
● Enable AAA accounting in CONFIGURATION mode.
aaa accounting commands all {console | default} {start-stop | stop-only | none}
[logging] [group tacacs+]
The no version of this command disables AAA accounting.
AAA commands
aaa accounting
Enables AAA accounting.
Syntax
aaa accounting exec commands all {console | default} {start-stop | stop-
only | none} [logging] [group tacacs+]
Security 1031