Cisco MDS 9000 Series Configuration Manual page 94

About Validating a TACACS+ Server
About Validating a TACACS+ Server
As of Cisco SAN-OS Release 3.0(1), you can periodically validate a TACACS+ server. The switch sends a
test authentication to the server using the test username and test password that you configure. If the server
does not respond to the test authentication, then the server is considered nonresponding.
Note We recommend that you do not configure the test user on your TACACS+ server for security reasons.
You can configure this option to test the server periodically, or you can run a one-time only test.
Periodically Validating a TACACS+ Server
To configure the switch to periodically test a TACACS+ server using Fabric Manager, see the
TACACS+ Server Monitoring Parameters, on page 67
About Users Specifying a TACACS+ Server at Login
By default, an MDS switch forwards an authentication request to the first server in the TACACS+ server
group. You can configure the switch to allow the user to specify which TACACS+ server to send the
authenticate request. If you enable this feature, the user can log in as username@hostname , where the hostname
is the name of a configured TACACS+ server.
Note
User specified logins are supported only for Telnet sessions
Allowing Users to Specify a TACACS+ Server at Login
To allow users logging into an MDS switch to select a TACACS+ server for authentication, follow these
steps:
Procedure
Step 1 switch# configure terminal
Enters configuration mode.
Step 2
switch(config)# tacacs-server directed-request
Allows users to specify a TACACS+ server to send the authentication request when logging in.
Step 3 switch(config)# no tacacs-server directed-request
Reverts to sending the authentication request to the first server in the server group (default).
Cisco MDS 9000 Series Security Configuration Guide, Release 8.x
76
Configuring Security Features on an External AAA Server
section.
Configuring