Configuring an Interface as the Source for All TACACS and TACACS+ Packets; Displaying TACACS and TACACS+ Statistics and Configuration Information - Dell PowerConnect B-RX Configuration Manual

BigIron RX Series supporting Multi-Service IronWare v02.7.03
Configuring TACACS and TACACS+ security
Configuring an interface as the source for all TACACS and TACACS+ packets
You can designate the lowest-numbered IP address configured on an Ethernet port, loopback
interface, or virtual interface as the source IP address for all TACACS and TACACS+ packets from
the device. Identifying a single source IP address for TACACS and TACACS+ packets provides the
following benefits:
• If your TACACS and TACACS+ server is configured to accept packets only from specific links or
  IP addresses, you can use this feature to simplify configuration of the TACACS and TACACS+
  server by configuring the Brocade device to always send the TACACS and TACACS+ packets
  from the same link or source address.
• If you specify a loopback interface as the single source for TACACS and TACACS+ packets,
  TACACS and TACACS+ servers can receive the packets regardless of the states of individual
  links. Thus, if a link to the TACACS and TACACS+ server becomes unavailable but the client or
  server can be reached through another link, the client or server still receives the packets, and
  the packets still have the source IP address of the loopback interface.
The software contains separate CLI commands for specifying the source interface for Telnet,
TACACS and TACACS+, and RADIUS packets. You can configure a source interface for one or more
of these types of packets.
To specify an Ethernet, loopback, or virtual interface as the source for all TACACS and TACACS+
packets from the device, use the following CLI method. The software uses the lowest-numbered IP
address configured on the port or interface as the source IP address for TACACS and TACACS+
packets originated by the device.
To specify the lowest-numbered IP address configured on a virtual interface as the device's source
for all TACACS and TACACS+ packets, enter commands such as the following.
BigIron RX(config)# int ve 1
BigIron RX(config-vif-1)# ip address 10.0.0.3/24
BigIron RX(config-vif-1)# exit
BigIron RX(config)# ip tacacs source-interface ve 1
The commands in this example configure virtual interface 1, assign IP address 10.0.0.3/24 to the
interface, then designate the interface as the source for all TACACS and TACACS+ packets from the
device.
Syntax: ip tacacs source-interface ethernet <portnum> | loopback <num> | ve <num>
The <num> parameter is a loopback interface or virtual interface number. If you specify an
Ethernet port, the <portnum> is the port's number (including the slot number, if you are configuring a
device).
Displaying TACACS and TACACS+ statistics and configuration information
The show aaa command displays information about all TACACS+ and RADIUS servers identified on
the device.
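The source-interface setting above only helps if the address it selects is the one the TACACS+ server is configured to accept, so the following Python check (an added example, not part of the manual or of any Brocade or Dell tool) reads a saved configuration, works out which source address the device will use, and compares it with the server's client list. Assumptions: the running-config layout of the constructed sample, "lowest-numbered" taken to mean numerically lowest, and the hypothetical names `tacacs_source`, `audit` and `allowed_clients`.

```python
import ipaddress
import re
# Constructed sample in an assumed running-config layout (not real device output).
SAMPLE_CONFIG = """\
interface ve 1
 ip address 10.0.0.7/24
 ip address 10.0.0.3/24
!
interface loopback 1
 ip address 10.255.0.1/32
ip tacacs source-interface ve 1
"""
IFACE = r"(ethernet|loopback|ve)\s+(\S+)"

def interface_addresses(config):
    """Map each interface name (e.g. 've 1') to the IP addresses configured on it."""
    addrs, current = {}, None
    for line in config.splitlines():
        head = re.match(r"(?:interface|int)\s+" + IFACE, line)
        addr = re.match(r"\s+ip address\s+(\S+)", line)
        if head:
            current = " ".join(head.groups())
            addrs[current] = []
        elif addr and current:
            addrs[current].append(ipaddress.ip_interface(addr.group(1)).ip)
        elif not line.startswith(" "):
            current = None  # left the interface block
    return addrs

def tacacs_source(config):
    """Return (interface, source IP); 'lowest-numbered' is assumed to mean numerically lowest."""
    m = re.search(r"^ip tacacs source-interface\s+" + IFACE, config, re.M)
    if not m:
        return None, None
    name = " ".join(m.groups())
    ips = interface_addresses(config).get(name, [])
    return name, (min(ips) if ips else None)

def audit(config, allowed_clients):
    """Return findings; allowed_clients is the server's permitted client list (hypothetical)."""
    name, ip = tacacs_source(config)
    if ip is None:
        return [f"no usable TACACS source address (source interface: {name})"]
    checks = [
        (name.startswith("loopback"), f"{name} is not a loopback interface"),
        (any(ip in ipaddress.ip_network(n) for n in allowed_clients),
         f"{ip} is not in the server's allowed client list"),
    ]
    return [msg for ok, msg in checks if not ok]
```

With the sample configuration, the check reports both that `ve 1` is not a loopback and that 10.0.0.3 is missing from a client list containing only the loopback address.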
BigIron RX Series Configuration Guide
53-1001986-01
