Dell PowerConnect B-RX Configuration Manual page 163
Bigiron rx series supporting multi-service ironware v02.7.03
Hide thumbs
Also See for PowerConnect B-RX:
- Configuration manual (1458 pages) ,
- Getting started manual (32 pages) ,
- Installation manual (240 pages)
Table of Contents
Advertisement
•
•
•
Setting the TACACS+ key
The key parameter in the tacacs-server command is used to encrypt TACACS+ packets before they
are sent over the network. The value for the key parameter on the device should match the one
configured on the TACACS+ server. The key can be from 1 – 32 characters in length and cannot
include any space characters.
NOTE
The tacacs-server key command applies only to TACACS+ servers, not to TACACS servers. If you are
configuring TACACS, do not configure a key on the TACACS server and do not enter a key on the
device.
To specify a TACACS+ server key, enter the following command.
BigIron RX(config)# tacacs-server key rkwong
Syntax: tacacs-server key [0 | 1] <string>
When you display the configuration of the device, the TACACS+ keys are encrypted.
BigIron RX(config)# tacacs-server key 1 abc
BigIron RX(config)# write terminal
...
tacacs-server host 1.2.3.5 auth-port 49
tacacs key 1 $!2d
NOTE
Encryption of the TACACS+ keys is done by default. The 0 parameter disables encryption. The 1
parameter is not required; it is provided for backwards compatibility.
Setting the retransmission limit
The retransmit parameter specifies how many times the device will resend an authentication
request when the TACACS and TACACS+ server does not respond. The retransmit limit can be from
1 – 5 times. The default is 3 times.
To set the TACACS and TACACS+ retransmit limit, enter the following command.
BigIron RX(config)# tacacs-server retransmit 5
Syntax: tacacs-server retransmit <number>
BigIron RX Series Configuration Guide
53-1001986-01
Retransmit interval – This parameter specifies how many times the Brocade device will resend
an authentication request when the TACACS and TACACS+ server does not respond. The
retransmit value can be from 1 – 5 times. The default is 3 times.
Dead time – This parameter specifies how long the Brocade device waits for the primary
authentication server to reply before deciding the server is dead and trying to authenticate
using the next server. The dead-time value can be from 1 – 5 seconds. The default is 3
seconds.
Timeout – This parameter specifies how many seconds the Brocade device waits for a
response from a TACACS and TACACS+ server before either retrying the authentication request,
or determining that the TACACS and TACACS+ servers are unavailable and moving on to the
next authentication method in the authentication-method list. The timeout can be from 1 – 15
seconds. The default is 3 seconds.
Configuring TACACS and TACACS+ security
4
91
Advertisement
Chapters
Table of Contents
