跳转到内容
AsterNOS
Ask AI

Tacacs

此内容尚不支持你的语言。

This chapter provides examples of how to configure and manage TACACS+ on AsterNOS devices using NETCONF.

Configure TACACS+ Configuration

Section titled “Configure TACACS+ Configuration”
<config><top>
  <tacacs>
    <servers>
      <server>
        <ip>192.168.0.78</ip>
        <auth-type>chap</auth-type>
        <timeout>10</timeout>
        <shared-secret>asteros</shared-secret>
        <priority>8</priority>
        <port>49</port>
        <vrf>mgmt</vrf>
      </server>
    <server>
      <ip>192.168.15.155</ip>
      <auth-type>login</auth-type>
      <shared-secret>asteross</shared-secret>
      <priority>64</priority>
    </server>
  </servers>
  <global>
    <timeout>10</timeout>
    <shared-secret>asteros</shared-secret>
    <auth-type>pap</auth-type>
  </global>
  </tacacs>
</top></config>

Response example

<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="urn:uuid:61d9c29d-5fad-4c31-afe2-581b1e578e42">
  <ok/>
</rpc-reply>

Delete TACACS+ Server

Section titled “Delete TACACS+ Server”

Request example to delete all TACACS+ servers via edit-config

<config><top>
  <tacacs>
    <servers operation="delete"/>
  </tacacs>
</top></config>

Response example

<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="urn:uuid:f1d40e93-d9df-40ca-a6bb-1738940e0659">
  <ok/>
</rpc-reply>

Request example to delete a specific TACACS+ server via edit-config

<config><top>
  <tacacs>
    <servers>
      <server operation="delete">
        <ip>192.168.15.155</ip>
      </server>
    </servers>
  </tacacs>
</top></config>

Response example

<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="urn:uuid:008c5cab-b16c-456a-8e5c-199f41490df4">
  <ok/>
</rpc-reply>

Show TACACS+

Section titled “Show TACACS+”

This RPC retrieves the current TACACS+ configuration in CLI format.

Request example to show TACACS+ configuration via show-tacacs

<show-tacacs/>

Response example

<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="urn:uuid:9698dffa-7934-4599-a557-ec42f4413857">
  <data xmlns="http://asterfusion.com/ns/yang/asternos-tacacs">
    <global-result>
      TACPLUS global auth_type pap
      TACPLUS global timeout 10
      TACPLUS global passkey asteros
    </global-result>
    <server-result>
      TACPLUS_SERVER address 192.168.0.78
                    ip 192.168.0.78
                    auth-type chap
                    shared-secret asteros
                    priority 8
                    port 49
                    timeout 10
                    vrf mgmt
    </server-result>
  </data>
</rpc-reply>

Show TACACS+ Server Status

Section titled “Show TACACS+ Server Status”

This RPC retrieves the current TACACS+ server status.

Request example to show TACACS+ server status via show-tacacs-server-status

<show-tacacs-server-status/>

Response example

<rpc-reply xmlns="urn:ietf:params:xml:ns:netconf:base:1.0" message-id="urn:uuid:d7f5e055-3e5b-46f9-ba9e-10aa2d0b6c62">
  <data>
    <server-result>
    SERVER IP     STATUS
    ------------  --------
    192.168.0.78  online
    </server-result>
  </data>
</rpc-reply>