Setting Optional Tacacs/Tacacs+ Parameters - Dell PowerConnect B-FCXs Configuration Manual
Powerconnect b-series fcx
Hide thumbs
Also See for PowerConnect B-FCXs:
- Hardware installation manual (86 pages) ,
- User manual (152 pages) ,
- Getting started manual (260 pages)
Table of Contents
Advertisement
32
Configuring TACACS/TACACS+ security
After authentication takes place, the server that performed the authentication is used for
authorization and accounting. If the authenticating server cannot perform the requested function,
then the next server in the configured list of servers is tried; this process repeats until a server that
can perform the requested function is found, or every server in the configured list has been tried.
Setting optional TACACS/TACACS+ parameters
You can set the following optional parameters in a TACACS/TACACS+ configuration:
•
•
•
•
Setting the TACACS+ key
The key parameter in the tacacs-server command is used to encrypt TACACS+ packets before they
are sent over the network. The value for the key parameter on the Dell PowerConnect device should
match the one configured on the TACACS+ server. The key can be from 1 – 32 characters in length
and cannot include any space characters.
NOTE
The tacacs-server key command applies only to TACACS+ servers, not to TACACS servers. If you are
configuring TACACS, do not configure a key on the TACACS server and do not enter a key on the Dell
PowerConnect device.
To specify a TACACS+ server key, enter a command such as following.
PowerConnect(config)#tacacs-server key rkwong
Syntax: tacacs-server key [0 | 1] <string>
When you display the configuration of the Dell PowerConnect device, the TACACS+ keys are
encrypted. For example.
PowerConnect(config)#tacacs-server key 1 abc
PowerConnect(config)#write terminal
...
tacacs-server host 1.2.3.5 auth-port 49
tacacs key 1 $!2d
NOTE
Encryption of the TACACS+ keys is done by default. The 0 parameter disables encryption. The 1
parameter is not required; it is provided for backwards compatibility.
1172
TACACS+ key – This parameter specifies the value that the Dell PowerConnect device sends to
the TACACS+ server when trying to authenticate user access.
Retransmit interval – This parameter specifies how many times the Dell PowerConnect device
will resend an authentication request when the TACACS/TACACS+ server does not respond.
The retransmit value can be from 1 – 5 times. The default is 3 times.
Dead time – This parameter specifies how long the Dell PowerConnect device waits for the
primary authentication server to reply before deciding the server is dead and trying to
authenticate using the next server. The dead-time value can be from 1 – 5 seconds. The
default is 3 seconds.
Timeout – This parameter specifies how many seconds the Dell PowerConnect device waits for
a response from a TACACS/TACACS+ server before either retrying the authentication request,
or determining that the TACACS/TACACS+ servers are unavailable and moving on to the next
authentication method in the authentication-method list. The timeout can be from 1 – 15
seconds. The default is 3 seconds.
PowerConnect B-Series FCX Configuration Guide
53-1002266-01
Advertisement
Table of Contents
Troubleshooting
