...

DANOS supports the use of multiple TACACS+ servers for resiliency purposes. When performing a TACACS+ transaction DANOS attempts to use servers in the highest → to the lowest priority order. Server priority is determined by order of configuration; the first configured server will have the highest priority with each subsequent server having a lower priority than the previous one. The show system tacplus status operational command displays output in priority order and can, therefore, be used to verify orderingthe order.

Configure use of a TACACS+ server by issuing the following command:

...

The show system tacplus status operational command can be used to check the operational status, and transaction statistics, of the various configured TACACS+ servers.

Session functionality

Authentication

…

Chain

…

...

Authorization

The capabilities of command authorization are much more coarse than ACM. For example, when loading a configuration using the "load" command, ACM is able to authorize all of the actual configuration being loaded. Command authorization on the other hand will simply authorize "load <file>". Therefore when command authorization is enabled and a user is permitted to run "load", we are implicitly saying that the user is allowed to change any configuration on the system.

Accounting

To enable command accounting for all users issue the following configuration command:

...