Procedure to disable local admin and enforce TACACS/TACACS+ authentication on PacketShaper
Last Updated June 17, 2019
You would like to disable the default look and touch user accounts and enforce the TACACS/TACACS+ Authentication method to gain management access to the PacketShaper.
Make sure you have TACACS/TACACS+ Authentication setup on your PacketShaper.
To force the PacketShaper to only accept TACACS/TACACS+ user account authentication and disable the local look/touch user accounts, issue the command:
sys set strictTacacs 1
To revert this setting and re-enable the local/touch user accounts and not just accept the TACACS/TACACS+ user account authentication, issue the following command:
sys set strictTacacs 0
Note: PacketShaper local authentication will still be in a disabled state even if the TACACS/TACACS+ server is down. Connecting to the console port is the only way to log into the PacketShaper using the local credentials when the "strictTacacs" system Variable is enabled.
Subscribing will provide email updates when this Article is updated. Login is required to Subscribe