Configuring Authentication-Method Lists For Tacacs; And Tacacs - Dell PowerConnect B-RX Configuration Manual
Bigiron rx series supporting multi-service ironware v02.7.03
Hide thumbs
Also See for PowerConnect B-RX:
- Configuration manual (1458 pages) ,
- Getting started manual (32 pages) ,
- Installation manual (240 pages)
Table of Contents
Advertisement
4
Configuring TACACS and TACACS+ security
Setting the dead time parameter
The dead-time parameter specifies how long the device waits for the primary authentication server
to reply before deciding the server is dead and trying to authenticate using the next server. The
dead-time value can be from 1 – 5 seconds. The default is 3 seconds.
To set the TACACS and TACACS+ dead-time value, enter the following command.
BigIron RX(config)# tacacs-server dead-time 5
Syntax: tacacs-server dead-time <number>
Setting the timeout parameter
The timeout parameter specifies how many seconds the Brocade device waits for a response from
the TACACS and TACACS+ server before either retrying the authentication request, or determining
that the TACACS and TACACS+ server is unavailable and moving on to the next authentication
method in the authentication-method list. The timeout can be from 1 – 15 seconds. The default is
3 seconds.
BigIron RX(config)# tacacs-server timeout 5
Syntax: tacacs-server timeout <number>
Configuring authentication-method lists for TACACS
and TACACS+
You can use TACACS and TACACS+ to authenticate Telnet/SSH access and access to Privileged
EXEC level and CONFIG levels of the CLI. When configuring TACACS and TACACS+ authentication,
you create authentication-method lists specifically for these access methods, specifying TACACS
and TACACS+ as the primary authentication method.
Within the authentication-method list, TACACS and TACACS+ is specified as the primary
authentication method and up to six backup authentication methods are specified as alternates. If
TACACS and TACACS+ authentication fails due to an error, the device tries the backup
authentication methods in the order they appear in the list.
When you configure authentication-method lists for TACACS and TACACS+ authentication, you must
create a separate authentication-method list for Telnet/SSH CLI access, and for access to the
Privileged EXEC level and CONFIG levels of the CLI.
To create an authentication-method list that specifies TACACS and TACACS+ as the primary
authentication method for securing Telnet/SSH access to the CLI.
BigIron RX(config)# enable telnet authentication
BigIron RX(config)# aaa authentication login default tacacs local
The commands above cause TACACS and TACACS+ to be the primary authentication method for
securing Telnet/SSH access to the CLI. If TACACS and TACACS+ authentication fails due to an error
with the server, authentication is performed using local user accounts instead.
To create an authentication-method list that specifies TACACS and TACACS+ as the primary
authentication method for securing access to Privileged EXEC level and CONFIG levels of the CLI.
BigIron RX(config)# aaa authentication enable default tacacs local none
92
BigIron RX Series Configuration Guide
53-1001986-01
Advertisement
Chapters
Table of Contents
