Identifying The Tacacs And Tacacs+ Servers; Specifying Different Servers For Individual Aaa Functions - Dell PowerConnect B-RX Configuration Manual

Bigiron rx series configuration guide v02.8.00

4
Configuring TACACS and TACACS+ security

Identifying the TACACS and TACACS+ servers

To use TACACS and TACACS+ servers to authenticate access to a device, you must identify the
servers to the device.
For example, to identify three TACACS and TACACS+ servers, enter commands such as the
following.
BigIron RX(config)# tacacs-server host 207.94.6.161
BigIron RX(config)# tacacs-server host 207.94.6.191
BigIron RX(config)# tacacs-server host 207.94.6.122
Syntax: tacacs-server host <ip-addr> | ipv6 <ipv6-addr> | <hostname> [auth-port <number>]
The <ip-addr> | <hostname> parameter specifies the IP address or host name of the server. You
can enter up to eight tacacs-server host commands to specify up to eight different servers.
NOTE
To specify the server's host name instead of its IP address, you must first identify a DNS server using
the ip dns server-address <ip-addr> command at the global CONFIG level.
If you add multiple TACACS and TACACS+ authentication servers to the device, the device tries to
reach them in the order you add them. For example, if you add three servers in the following order,
the software tries the servers in the same order.
1. 207.94.6.161
2. 207.94.6.191
3. 207.94.6.122
You can remove a TACACS and TACACS+ server by entering no followed by the tacacs-server
command. For example, to remove 207.94.6.161, enter the following command.
BigIron RX(config)# no tacacs-server host 207.94.6.161
NOTE
If you erase a tacacs-server command (by entering "no" followed by the command), make sure you
also erase the aaa commands that specify TACACS and TACACS+ as an authentication method.
(Refer to "Configuring authentication-method lists for TACACS and TACACS+" on page 90.)
Otherwise, when you exit from the CONFIG mode or from a Telnet session, the system continues to
believe it is TACACS and TACACS+ enabled and you will not be able to access the system.
The auth-port parameter specifies the UDP (for TACACS) or TCP (for TACACS+) port number of the
authentication port on the server. The default port number is 49.
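The try order, the eight-server limit and the condition described in the removal NOTE can be checked offline before a change is entered on the device. The following Python code is an added example, not part of the manual: it replays CONFIG-level commands in order and reports the resulting server list and any findings. The replay function, the constructed command sequences and the aaa line (assumed syntax that does not appear on this page) are assumptions.

```python
import re

MAX_SERVERS = 8    # "up to eight different servers"
DEFAULT_PORT = 49  # default auth-port

HOST_RE = re.compile(
    r"^(no )?tacacs-server host (?:ipv6 )?(\S+)(?: auth-port (\d+))?$")

def replay(commands):
    """Apply CONFIG-level commands in order.

    Returns (servers in the order the device tries them, aaa lines that
    still name TACACS/TACACS+, findings)."""
    servers, aaa_lines, findings = [], [], []
    for raw in commands.splitlines():
        line = raw.strip()
        m = HOST_RE.match(line)
        if m and m.group(1):    # "no tacacs-server host ..." removes the entry
            servers = [s for s in servers if s[0] != m.group(2)]
        elif m:                 # new entries go to the end of the try order
            servers.append((m.group(2), int(m.group(3) or DEFAULT_PORT)))
        elif line.startswith("no aaa "):
            aaa_lines = [a for a in aaa_lines if a != line[3:]]
        elif line.startswith("aaa ") and re.search(r"\stacacs\+?(\s|$)", line):
            aaa_lines.append(line)
    if len(servers) > MAX_SERVERS:
        findings.append(f"{len(servers)} servers exceed the limit of {MAX_SERVERS}")
    if aaa_lines and not servers:
        # The condition the NOTE warns about: aaa still names TACACS/TACACS+
        # after every tacacs-server host entry has been erased.
        findings += [f"no server left, but still configured: {a}" for a in aaa_lines]
    return servers, aaa_lines, findings

# Constructed command sequences. The addresses are the page's examples; the
# aaa line is assumed syntax and does not appear on this page.
AAA = "aaa authentication login default tacacs+"
ADD = "\n".join(f"tacacs-server host 207.94.6.{n}" for n in (161, 191, 122))
REMOVE_ONE = f"{ADD}\n{AAA}\nno tacacs-server host 207.94.6.161"
REMOVE_ALL = (f"{REMOVE_ONE}\nno tacacs-server host 207.94.6.191"
              "\nno tacacs-server host 207.94.6.122")
CLEANED_UP = f"{REMOVE_ALL}\nno {AAA}"

if __name__ == "__main__":
    for name, cmds in [("remove one", REMOVE_ONE), ("remove all", REMOVE_ALL),
                       ("cleaned up", CLEANED_UP)]:
        servers, _, findings = replay(cmds)
        print(name, [s[0] for s in servers], findings or "ok")
```

Only the REMOVE_ALL sequence produces a finding, because the aaa line still names TACACS+ after the last server entry is erased.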

Specifying different servers for individual AAA functions

In a TACACS+ configuration, you can designate a server to handle a specific AAA task. For example,
you can designate one TACACS+ server to handle authorization and another TACACS+ server to
handle accounting. You can set the TACACS+ key for each server.
To specify different TACACS+ servers for authentication, authorization, and accounting.
"Configuring authentication-method lists for TACACS and TACACS+"
on page 90.)
BigIron RX Series Configuration Guide
53-1002253-01
