TACACS+ Server Configuration - HP 438031-B21 - 1:10Gb Ethernet BL-c Switch CLI Reference Manual

HP 1:10Gb Ethernet BL-c Switch for c-Class BladeSystem ISCLI Reference Guide

TACACS+ server configuration

TACACS+ (Terminal Access Controller Access Control System) is an authentication protocol that allows a
remote access server to forward a user's logon password to an authentication server to determine whether
access can be allowed to a given system. The TACACS+ and Remote Authentication Dial-In User Service
(RADIUS) protocols are more secure than the TACACS encryption protocol. TACACS+ is described in
RFC 1492.

The TACACS+ protocol is more reliable than RADIUS because TACACS+ uses the Transmission Control Protocol
(TCP), whereas RADIUS uses the User Datagram Protocol (UDP). Also, RADIUS combines authentication
and authorization in a user profile, whereas TACACS+ separates the two operations.

TACACS+ offers the following advantages over RADIUS as the authentication device:

- TACACS+ is TCP-based, so it facilitates connection-oriented traffic.
- It supports full-packet encryption, as opposed to password-only in authentication requests.
- It supports decoupled authentication, authorization, and accounting.

The following table describes the TACACS+ Server Configuration commands.
Table 80 TACACS+ Server Configuration commands

| Command | Description |
|---|---|
| `[no] tacacs-server primary-host <IP address> key <1-32 characters>` | Defines the primary TACACS+ server address and shared secret between the switch and the TACACS+ server(s). Command mode: Global configuration |
| `[no] tacacs-server secondary-host <IP address> key <1-32 characters>` | Defines the secondary TACACS+ server address and shared secret between the switch and the TACACS+ server(s). Command mode: Global configuration |
| `tacacs-server port <TCP port number>` | Enter the number of the TCP port to be configured, between 1 and 65000. The default is 49. Command mode: Global configuration |
| `tacacs-server retransmit <1-3>` | Sets the number of failed authentication requests before switching to a different TACACS+ server. The range is 1-3 requests. The default is 3 requests. Command mode: Global configuration |
| `tacacs-server timeout <4-15>` | Sets the amount of time, in seconds, before a TACACS+ server authentication attempt is considered to have failed. The range is 4-15 seconds. The default is 5 seconds. Command mode: Global configuration |
| `[no] tacacs-server telnet-backdoor` | Enables or disables the TACACS+ back door for telnet/SSH/HTTP/HTTPS. This command does not apply when secure backdoor is enabled. Command mode: Global configuration |
| `[no] tacacs-server secure-backdoor` | Enables or disables the TACACS+ back door using secure password for telnet/SSH/HTTP/HTTPS. This command does not apply when backdoor (telnet) is enabled. Command mode: Global configuration |
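
The value ranges and the back-door notes in Table 80 can be checked mechanically against a saved configuration. The following Python audit is an added example, not part of the HP manual; it assumes the configuration text contains the commands in the form the table gives, and the name `audit_tacacs` and the sample addresses and key are constructed for illustration.

```python
import ipaddress
import re

# Value ranges as given in Table 80 on this page.
RANGES = {"port": (1, 65000), "retransmit": (1, 3), "timeout": (4, 15)}
HOST_RE = re.compile(r"^tacacs-server (primary|secondary)-host (\S+)(?: key (.+))?$")
NUM_RE = re.compile(r"^tacacs-server (port|retransmit|timeout) (\S+)$")
DOOR_RE = re.compile(r"^(no )?tacacs-server (telnet|secure)-backdoor$")


def audit_tacacs(config_text):
    """Return sorted (line_number, message) findings for tacacs-server lines."""
    findings, doors = [], {}
    for lineno, raw in enumerate(config_text.splitlines(), start=1):
        line = raw.strip()
        if m := HOST_RE.match(line):
            role, addr, key = m.groups()
            try:
                ipaddress.ip_address(addr)
            except ValueError:
                findings.append((lineno, f"{role}-host: invalid IP address {addr!r}"))
            if key is None or not 1 <= len(key) <= 32:
                findings.append((lineno, f"{role}-host: key must be 1-32 characters"))
        elif m := NUM_RE.match(line):
            name, value = m.groups()
            low, high = RANGES[name]
            if not value.isdecimal() or not low <= int(value) <= high:
                findings.append((lineno, f"{name}: {value!r} is outside {low}-{high}"))
        elif m := DOOR_RE.match(line):
            negated, kind = m.groups()
            doors.pop(kind, None)  # forget earlier state; the "no" form leaves it off
            if not negated:
                doors[kind] = lineno
    for kind, lineno in doors.items():
        findings.append((lineno, f"{kind}-backdoor enabled: confirm this is intended"))
    if len(doors) == 2:  # the table says each command does not apply while the other is on
        findings.append((max(doors.values()), "both back doors enabled: conflicting"))
    return sorted(findings)

# Constructed sample configuration; addresses and key are made up.
SAMPLE = """\
tacacs-server primary-host 192.0.2.10 key example-shared-secret
tacacs-server secondary-host 192.0.2.300 key example-shared-secret
tacacs-server retransmit 5
tacacs-server timeout 3
tacacs-server telnet-backdoor
"""
if __name__ == "__main__":
    for lineno, message in audit_tacacs(SAMPLE):
        print(f"line {lineno}: {message}")
```
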