Configure TACACS+
For supported software information, click here.
An Analytics system administrator may need to configure the Ubuntu operating system (for example, to configure NTP) or configure the Analytics node itself using the CLI. To do this, the administrator establishes an SSH session to the Analytics node. This SSH session can be authenticated using local authentication (that is, the Ubuntu user database) or remote authentication. For remote authentication, you can use TACACS+, and you can configure the Analytics node to be a TACACS+ server. You can configure up to four TACACS+ servers on each Analytics node.
After a user authenticates and starts using the Analytics node, every user action needs authorization. Analytics nodes currently support two roles:
- admin—User has shell access and can view and edit the configuration.
- oper (operator)—User does not have shell access and cannot edit the configuration. The user can view the configuration and run restricted operational commands.
To configure TACACS+ on Analytics nodes:
- Log in to the shell on the Analytics node.
- Enter configuration mode. The prompt changes to % in configuration mode.
admin@Analytics$ cli
admin@Analytics> configure
admin@Analytics%
- Configure the order of authentication:
admin@Analytics% set system external-aaa auth-order authentication-order
auth-order can be one of the following:
Authentication Order Option | Description |
---|---|
local-then-remote | User is authenticated by checking the local database first, then the remote database. |
remote-only | User is authenticated by checking the remote database only. |
remote-then-local | User is authenticated by checking the remote database first. If the remote database is unreachable, the local database is then searched. |
- Enter the IP address of the TACACS+ server and the corresponding TACACS+ key. You must configure the same key on the TACACS+ server and on the Analytics node or nodes. The key can consist of both numbers and letters, and it cannot include a hash mark (#) or spaces. You can configure up to four TACACS+ servers.
admin@Analytics% set system external-aaa tacacs-plus server IP-address key key-value
- Enter the action to be performed by the TACACS+ server. Options are authentication and accounting. You can select either authentication or both authentication and accounting.
admin@Analytics% set system external-aaa tacacs-plus action [ authentication accounting ]
Note: On the TACACS+ server, in the Groups > Service hierarchy, ensure that versa-user-group is configured as either admin or oper.
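The following added example (not part of the Versa documentation or tooling) checks a planned TACACS+ setup against the limits stated in the steps above before anything is typed into the CLI, then returns the configuration-mode lines. The helper names, the documentation-range addresses and the sample keys are assumptions, as is writing a single action in the same bracket form the page shows for two.

```python
import ipaddress

# Values taken from the table and steps on this page.
AUTH_ORDERS = {"local-then-remote", "remote-only", "remote-then-local"}
ALLOWED_ACTIONS = (("authentication",), ("authentication", "accounting"))
MAX_SERVERS = 4
PREFIX = "set system external-aaa"


def check_key(key):
    """Reject keys the page rules out: empty, or containing '#' or whitespace."""
    if not key:
        raise ValueError("TACACS+ key is empty")
    if "#" in key or any(ch.isspace() for ch in key):
        raise ValueError("TACACS+ key must not contain '#' or spaces")
    return key


def build_tacacs_commands(auth_order, servers, actions=("authentication",)):
    """Return the configuration-mode lines for one Analytics node.

    servers is a list of (ip_address, key) pairs. build_tacacs_commands and
    check_key are hypothetical helper names, not Versa tooling.
    """
    if auth_order not in AUTH_ORDERS:
        raise ValueError(f"unknown authentication order: {auth_order}")
    if not 1 <= len(servers) <= MAX_SERVERS:
        raise ValueError("configure between one and four TACACS+ servers")
    if tuple(actions) not in ALLOWED_ACTIONS:
        raise ValueError("action is authentication, or authentication plus accounting")
    seen = set()  # duplicate check is an added sanity check, not a rule from the page
    lines = [f"{PREFIX} auth-order {auth_order}"]
    for ip, key in servers:
        addr = str(ipaddress.ip_address(ip))  # ValueError on a malformed address
        if addr in seen:
            raise ValueError(f"duplicate TACACS+ server: {addr}")
        seen.add(addr)
        lines.append(f"{PREFIX} tacacs-plus server {addr} key {check_key(key)}")
    lines.append(f"{PREFIX} tacacs-plus action [ {' '.join(actions)} ]")
    return lines


if __name__ == "__main__":
    # Constructed sample values: documentation-range addresses and made-up keys.
    sample = [("192.0.2.10", "Example0Key1"), ("192.0.2.11", "Example0Key2")]
    for line in build_tacacs_commands("remote-then-local", sample,
                                      ("authentication", "accounting")):
        print("admin@Analytics% " + line)
```

The returned lines contain the shared key in clear text, so treat the output like the key itself and keep it out of tickets and shell history.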
Supported Software Information
Releases 20.2.1 and later support all content described in this article.
Additional Information
Configure AAA (on Director nodes)
Configure AAA (on Versa Operating System™ [VOS™] devices)