Tacacs/Tacacs+ Configuration Considerations - Dell PowerConnect B-RX Configuration Manual
Bigiron rx series configuration guide v02.7.02
Hide thumbs
Also See for PowerConnect B-RX:
- Configuration manual (1458 pages) ,
- Getting started manual (32 pages) ,
- Installation manual (240 pages)
Table of Contents
Advertisement
4
Configuring TACACS/TACACS+ security
User action
User enters other commands
AAA security for commands pasted Into the running configuration
If AAA security is enabled on the device, commands pasted into the running configuration are
subject to the same AAA operations as if they were entered manually.
When you paste commands into the running configuration, and AAA command authorization or
accounting is configured on the device, AAA operations are performed on the pasted commands.
The AAA operations are performed before the commands are actually added to the running
configuration. The server performing the AAA operations should be reachable when you paste the
commands into the running configuration file. If the device determines that a pasted command is
invalid, AAA operations are halted on the remaining commands. The remaining commands may not
be executed if command authorization is configured.
TACACS/TACACS+ configuration considerations
Consider the following before you configure TACACS/TACACS+:
•
•
•
•
TACACS configuration procedure
For TACACS configurations, use the following procedure.
1. Identify TACACS servers. Refer to
2. Set optional parameters. Refer to
3. Configure authentication-method lists. Refer to
TACACS+ configuration procedure
For TACACS+ configurations, use the following procedure.
1. Enable TACACS, refer to
2. Identify TACACS+ servers. Refer to
84
You must deploy at least one TACACS/TACACS+ server in your network.
The device supports authentication using up to eight TACACS/TACACS+ servers. The device
tries to use the servers in the order you add them to the device's configuration.
You can select only one primary authentication method for each type of access to a device (CLI
through Telnet, CLI Privileged EXEC and CONFIG levels). For example, you can select TACACS+
as the primary authentication method for Telnet CLI access, but you cannot also select RADIUS
authentication as a primary method for the same type of access. However, you can configure
backup authentication methods for each access type.
You can configure the Brocade device to authenticate using a TACACS or TACACS+ server, not
both.
TACACS/TACACS+"
on page 88.
"Enabling SNMP to configure TACACS/TACACS"
Applicable AAA operations
Command authorization (TACACS+):
aaa authorization commands <privilege-level> default <method-list>
Command accounting (TACACS+):
aaa accounting commands <privilege-level> default start-stop
<method-list>
"Identifying the TACACS/TACACS+ servers"
"Setting optional TACACS/TACACS+ parameters"
"Configuring authentication-method lists for
"Identifying the TACACS/TACACS+ servers"
on page 85.
on page 86.
on page 85
on page 85.
BigIron RX Series Configuration Guide
53-1001810-01
Advertisement
Table of Contents
