Procedure to disable local admin and enforce TACACS/TACACS+ authentication on PacketShaper

book

Article ID: 170606

calendar_today

Updated On:

Products

PacketShaper S-Series PacketShaper

Issue/Introduction

You would like to disable the default look and touch user accounts and enforce the TACACS/TACACS+ Authentication method to gain management access to the PacketShaper.

Resolution

Make sure you have TACACS/TACACS+ Authentication setup on your PacketShaper.

To force the PacketShaper to only accept TACACS/TACACS+ user account authentication and disable the local look/touch user accounts, issue the command: 

  • sys set strictTacacs 1 

To revert this setting and re-enable the local/touch user accounts and not just accept the TACACS/TACACS+ user account authentication, issue the following command:

  • sys set strictTacacs 0 

Note: PacketShaper local authentication will still be in a disabled state even if the TACACS/TACACS+ server is down. Connecting to the console port is the only way to log into the PacketShaper using the local credentials when the "strictTacacs" system Variable is enabled.