Skip to content

TACACS Provider

Location in GUI: Admin » AAA » Authentication » TACACS

Diagram
NameTypeConstraintMandatoryDefault Value
tacacs_providersList[tacacs_providers]No

tacacs_providers (apic.fabric_policies.aaa)

Section titled “tacacs_providers (apic.fabric_policies.aaa)”
NameTypeConstraintMandatoryDefault Value
hostname_ipAnyString[Regex: ^[a-zA-Z0-9:][a-zA-Z0-9.:-]{0,254}$] or IPYes
descriptionStringRegex: ^[a-zA-Z0-9\\!#$%()*,-./:;@ _{|}~?&+]{1,128}$No
portIntegermin: 0, max: 65535No49
protocolChoicepap, chap, mschapNopap
keyStringNo
timeoutIntegermin: 0, max: 60No5
retriesIntegermin: 0, max: 5No1
mgmt_epgChoiceinb, oobNoinb
monitoringBooleantrue, falseNofalse
monitoring_usernameStringRegex: ^[a-zA-Z0-9][a-zA-Z0-9_.@-]{0,31}$No
monitoring_passwordStringNo

Example 1: In this example we configure 2 TACACS+ servers which use CHAP and are reachable over the out-of-band connection, where the timeout is set to 5s and only 1 retry will be made.

apic:
fabric_policies:
aaa:
tacacs_providers:
- hostname_ip: 11.11.11.1
description: TACACS Server 1
protocol: chap
timeout: 5
retries: 1
key: myKey
mgmt_epg: oob
- hostname_ip: 11.11.11.2
description: TACACS Server 2
protocol: chap
timeout: 5
retries: 1
key: myKey
mgmt_epg: oob