Configuring Authentication-Method Lists For Tacacs/Tacacs - Dell PowerConnect B-RX Configuration Manual
Bigiron rx series configuration guide v02.7.02
Hide thumbs
Also See for PowerConnect B-RX:
- Configuration manual (1458 pages) ,
- Getting started manual (32 pages) ,
- Installation manual (240 pages)
Table of Contents
Advertisement
4
Configuring TACACS/TACACS+ security
Setting the timeout parameter
The timeout parameter specifies how many seconds the Brocade device waits for a response from
the TACACS/TACACS+ server before either retrying the authentication request, or determining that
the TACACS/TACACS+ server is unavailable and moving on to the next authentication method in the
authentication-method list. The timeout can be from 1 – 15 seconds. The default is 3 seconds.
BigIron RX(config)# tacacs-server timeout 5
Syntax: tacacs-server timeout <number>
Configuring authentication-method lists for TACACS/TACACS+
You can use TACACS/TACACS+ to authenticate Telnet/SSH access and access to Privileged EXEC
level and CONFIG levels of the CLI. When configuring TACACS/TACACS+ authentication, you create
authentication-method lists specifically for these access methods, specifying TACACS/TACACS+ as
the primary authentication method.
Within the authentication-method list, TACACS/TACACS+ is specified as the primary authentication
method and up to six backup authentication methods are specified as alternates. If
TACACS/TACACS+ authentication fails due to an error, the device tries the backup authentication
methods in the order they appear in the list.
When you configure authentication-method lists for TACACS/TACACS+ authentication, you must
create a separate authentication-method list for Telnet/SSH CLI access, and for access to the
Privileged EXEC level and CONFIG levels of the CLI.
To create an authentication-method list that specifies TACACS/TACACS+ as the primary
authentication method for securing Telnet/SSH access to the CLI.
BigIron RX(config)# enable telnet authentication
BigIron RX(config)# aaa authentication login default tacacs local
The commands above cause TACACS/TACACS+ to be the primary authentication method for
securing Telnet/SSH access to the CLI. If TACACS/TACACS+ authentication fails due to an error
with the server, authentication is performed using local user accounts instead.
To create an authentication-method list that specifies TACACS/TACACS+ as the primary
authentication method for securing access to Privileged EXEC level and CONFIG levels of the CLI.
BigIron RX(config)# aaa authentication enable default tacacs local none
The command above causes TACACS/TACACS+ to be the primary authentication method for
securing access to Privileged EXEC level and CONFIG levels of the CLI. If TACACS/TACACS+
authentication fails due to an error with the server, local authentication is used instead. If local
authentication fails, no authentication is used; the device automatically permits access.
For information on the command syntax, refer to
"Examples of authentication-method lists"
on
page 111.
NOTE
For examples of how to define authentication-method lists for types of authentication other than
TACACS/TACACS+, refer to
"Configuring authentication-method lists"
on page 109.
88
BigIron RX Series Configuration Guide
53-1001810-01
Advertisement
Table of Contents
