Configuring The Tacacs+ Servers; Configuring The Tacacs+ Timeout Value; Configuring The Shared Secret Password For Tacacs+ Servers - Extreme Networks ExtremeWare XOS Guide Manual
Concepts guide
Hide thumbs
Also See for ExtremeWare XOS Guide:
- Command reference manual (2024 pages) ,
- Manual (496 pages) ,
- Command reference manual (970 pages)
Table of Contents
Advertisement
This section describes the following topics:
Configuring the TACACS+ Servers on page 331
●
Configuring the TACACS+ Timeout Value on page 331
●
●
Enabling and Disabling TACACS+ on page 332
●
TACACS+ Configuration Example on page 332
●
Configuring TACACS+ Accounting on page 333
●
Configuring the TACACS+ Accounting Timeout Value on page 333
●
●
Enabling and Disabling TACACS+ Accounting on page 334
●
TACACS+ Accounting Configuration Example on page 334
●
Configuring the TACACS+ Servers
To configure the TACACS+ servers, use the following command:
configure tacacs [primary | secondary] server [<ipaddress> | <hostname>] {<tcp_port>}
client-ip <ipaddress> {vr <vr_name>}
To configure the primary TACACS+ server, specify
server, specify
secondary
Configuring the TACACS+ Timeout Value
To configure the timeout if a server fails to respond, use the following command:
configure tacacs timeout <seconds>
To detect and recover from a TACACS+ server failure when the timeout has expired, the switch makes
one authentication attempt before trying the next designated TACACS+ server or reverting to the local
database for authentication. In the event that the switch still has IP connectivity to the TACACS+ server,
but a TCP session cannot be established, (such as a failed TACACS+ daemon on the server), fail over
happens immediately regardless of the configured timeout value.
For example, if the timeout value is set for 3 seconds (the default value), it will take 3 seconds to fail
over from the primary TACACS+ server to the secondary TACACS+ server. If both the primary and the
secondary servers fail or are unavailable, it takes approximately 6 seconds to revert to the local database
for authentication.
Configuring the Shared Secret Password for TACACS+ Servers
In addition to specifying the TACACS+ server IP information, TACACS+ also contains a means to verify
communication between network devices and the server. The shared secret is a password configured on
the network device and TACACS+ server, used by each to verify communication.
To configure the shared secret for TACACS+ servers, use the following command:
configure tacacs [primary | secondary] shared-secret {encrypted} <string>
To configure the primary TACACS+ server, specify
server, specify
secondary
ExtremeWare XOS 11.3 Concepts Guide
.
.
Authenticating Users Using RADIUS or TACACS+
. To configure the secondary TACACS+
primary
. To configure the secondary TACACS+
primary
331
Advertisement
Chapters
Table of Contents
Troubleshooting
