Nortel Alteon OS 42C4911 Application Manual page 52

Alteon OS Application Guide
Configuring TACACS+ Authentication on the Switch
1. Turn TACACS+ authentication on, then configure the Primary and Secondary
TACACS+ servers.
>> Main# /cfg/sys/tacacs+
>> TACACS+ Server# on
Current status: OFF
New status:
>> TACACS+ Server# prisrv 10.10.1.1
Current primary TACACS+ server:
New pending primary TACACS+ server: 10.10.1.1
>> TACACS+ Server# secsrv 10.10.1.2
Current secondary TACACS+ server:
New pending secondary TACACS+ server: 10.10.1.2
2. Configure the TACACS+ secret and second secret.
>> TACACS+ Server# secret
Enter new TACACS+ secret: <1-32 character secret>
>> TACACS+ Server# secret2
Enter new TACACS+ second secret: <1-32 character secret>
C
AUTION
!
connection or through a secure management module connection, the secret may be transmitted
over the network as clear text.
3. If desired, you may change the default TCP port number used to listen to TACACS+.
The well-known port for TACACS+ is 49.
>> TACACS+ Server# port
Current TACACS+ port: 49
Enter new TACACS+ port [1-65000]: <port number>
4. Configure the number of retry attempts, and the timeout period.
>> TACACS+ Server# retries
Current TACACS+ server retries: 3
Enter new TACACS+ server retries [1-3]:
>> TACACS+ Server# time
Current TACACS+ server timeout: 5
Enter new TACACS+ server timeout [4-15]: 10(Enter the timeout period in minutes)
5. Apply and save the configuration.
52 Chapter 1: Accessing the Switch
ON
—If you configure the TACACS+ secret using any method other than a direct console
(Select the TACACS+ Server menu)
(Turn TACACS+ on)
(Enter primary server IP)
0.0.0.0
(Enter secondary server IP)
0.0.0.0
< server retries>
42C4911, January 2007