Configuring Tacacs+ Accounting; Configuring The Tacacs+ Accounting Timeout Value; Configuring The Shared Secret Password For Tacacs+ Accounting Servers - Extreme Networks ExtremeWare XOS Guide Manual

Server IP Port:
Client address:
Shared secret :
TACACS+ Acct Server Connect Timeout sec: 3
Primary TACACS+ Accounting Server:Not configured
Secondary TACACS+ Accounting Server:Not configured

Configuring TACACS+ Accounting

Extreme Networks switches are capable of sending TACACS+ accounting information. As with
TACACS+ authentication, you can specify two servers for receipt of accounting information.
To specify TACACS+ accounting servers, use the following command:
configure tacacs-accounting [primary | secondary] server [<ipaddress> | <hostname>]
{<udp_port>} client-ip <ipaddress> {vr <vr_name>}
To configure the primary TACACS+ accounting server, specify
TACACS+ accounting server, specify

Configuring the TACACS+ Accounting Timeout Value

To configure the timeout if a server fails to respond, use the following command:
configure tacacs-accounting timeout <seconds>
To detect and recover from a TACACS+ accounting server failure when the timeout has expired, the
switch makes one authentication attempt before trying the next designated TACACS+ accounting server
or reverting to the local database for authentication. In the event that the switch still has IP connectivity
to the TACACS+ accounting server, but a TCP session cannot be established, (such as a failed TACACS+
daemon on the accounting server), fail over happens immediately regardless of the configured timeout
value.
For example, if the timeout value is set for 3 seconds (the default value), it takes 3 seconds to fail over
from the primary TACACS+ accounting server to the secondary TACACS+ accounting server. If both
the primary and the secondary servers fail or are unavailable, it takes approximately 6 seconds to revert
to the local database for authentication.

Configuring the Shared Secret Password for TACACS+ Accounting Servers

TACACS+ accounting also uses the shared secret password mechanism to validate communication
between network access devices and TACACS+ accounting servers.
To specify shared secret passwords for TACACS+ accounting servers, use the following command:
configure tacacs-accounting [primary | secondary] shared-secret {encrypted} <string>
To configure the primary TACACS+ accounting server, specify
TACACS+ accounting server, specify
Do not use the
encrypted
the output of the
show configuration
output.
ExtremeWare XOS 11.3 Concepts Guide
49
10.201.31.85 (VR-Default)
purple
.
secondary
.
secondary
keyword to set the shared secret. The
command, so the shared secret is not revealed in the command
Authenticating Users Using RADIUS or TACACS+
. To configure the secondary
primary
. To configure the secondary
primary
keyword is primarily for
encrypted
333