Setting Optional Tacacs And Tacacs+ Parameters - Dell PowerConnect B-RX Configuration Manual

Bigiron rx series configuration guide v02.8.00

BigIron RX(config)# tacacs-server host 1.2.3.4 auth-port 49 authentication-only key abc
BigIron RX(config)# tacacs-server host 1.2.3.5 auth-port 49 authorization-only key def
BigIron RX(config)# tacacs-server host 1.2.3.6 auth-port 49 accounting-only key ghi
Syntax: tacacs-server host <ip-addr> | ipv6 <ipv6-addr> | <server-name> [auth-port <number> [authentication-only | authorization-only | accounting-only | default] [key <string>]]

The default parameter causes the server to be used for all AAA functions.

After authentication takes place, the server that performed the authentication is used for authorization or accounting. If the authenticating server cannot perform the requested function, then the next server in the configured list of servers is tried; this process repeats until a server that can perform the requested function is found, or every server in the configured list has been tried.

Setting optional TACACS and TACACS+ parameters

You can set the following optional parameters in a TACACS and TACACS+ configuration:

• TACACS+ key – This parameter specifies the value that the Brocade device sends to the TACACS+ server when trying to authenticate user access.
• Retransmit interval – This parameter specifies how many times the Brocade device will resend an authentication request when the TACACS and TACACS+ server does not respond. The retransmit value can be from 1 – 5 times. The default is 3 times.
• Dead time – This parameter specifies how long the Brocade device waits for the primary authentication server to reply before deciding the server is dead and trying to authenticate using the next server. The dead-time value can be from 1 – 5 seconds. The default is 3 seconds.
• Timeout – This parameter specifies how many seconds the Brocade device waits for a response from a TACACS and TACACS+ server before either retrying the authentication request, or determining that the TACACS and TACACS+ servers are unavailable and moving on to the next authentication method in the authentication-method list. The timeout can be from 1 – 15 seconds. The default is 3 seconds.

Setting the TACACS+ key

The key parameter in the tacacs-server command is used to encrypt TACACS+ packets before they are sent over the network. The value for the key parameter on the device should match the one configured on the TACACS+ server. The key can be from 1 – 32 characters in length and cannot include any space characters.

NOTE: The tacacs-server key command applies only to TACACS+ servers, not to TACACS servers. If you are configuring TACACS, do not configure a key on the TACACS server and do not enter a key on the device.

To specify a TACACS+ server key, enter the following command.

BigIron RX(config)# tacacs-server key rkwong

Syntax: tacacs-server key [0 | 1] <string>

BigIron RX Series Configuration Guide, 53-1002253-01
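An added example, not taken from the manual: a Python audit of tacacs-server host lines that checks per-host keys against the limits given under "Setting the TACACS+ key" and models the server-selection rule described after the host syntax, reporting AAA functions that fewer than two servers can perform. The function names, the finding messages and the reading of "next server in the configured list" are assumptions; the sample input is the three-server example from this page, and the ipv6 host form is not handled.

```python
import re

# The three host lines from the example on this page, in configured order.
SAMPLE = """\
tacacs-server host 1.2.3.4 auth-port 49 authentication-only key abc
tacacs-server host 1.2.3.5 auth-port 49 authorization-only key def
tacacs-server host 1.2.3.6 auth-port 49 accounting-only key ghi
"""
ALL = ("authentication", "authorization", "accounting")
HOST_RE = re.compile(
    r"tacacs-server host (?P<host>\S+)(?: auth-port \d+)?"
    r"(?: (?P<role>(?:authentication|authorization|accounting)-only|default))?"
    r"(?: key (?P<key>.*))?$")

def parse_servers(config):
    """Return the configured servers, in order, as dicts."""
    servers = []
    for line in config.splitlines():
        m = HOST_RE.match(line.strip())
        if m:
            role = m["role"] or "default"  # per the page, default = all AAA functions
            funcs = ALL if role == "default" else (role[:-len("-only")],)
            servers.append({"host": m["host"], "functions": funcs, "key": m["key"]})
    return servers

def key_problems(key):
    """Check a key against the limits stated on this page."""
    return [msg for bad, msg in (
        (not 1 <= len(key) <= 32, "key must be 1-32 characters"),
        (" " in key, "key must not contain spaces")) if bad]

def try_order(servers, function, auth_host=None):
    """Hosts tried for `function`: the authenticating server first if capable,
    then the rest in configured order (assumed reading of "next server")."""
    able = [s["host"] for s in servers if function in s["functions"]]
    return sorted(able, key=lambda h: h != auth_host)  # stable sort

def audit(config):
    """Findings: invalid per-host keys, and AAA functions with no failover."""
    servers, findings = parse_servers(config), []
    for s in servers:
        if s["key"] is not None:  # the per-host key is optional in the syntax
            findings += [f"{s['host']}: {p}" for p in key_problems(s["key"])]
    for fn in ALL:
        n = len(try_order(servers, fn))
        if n < 2:
            findings.append(f"{fn}: {n} server(s), no failover")
    return findings

print("\n".join(audit(SAMPLE)))
```

Run against the page's three-server example, every AAA function is reported as having no failover, because each function-specific server is the only one able to perform its function.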
