Configuring Authentication - Foundry Networks Switch and Router Installation And Configuration Manual


Foundry Switch and Router Installation and Configuration Guide
Setting the Retransmission Limit
The retransmit parameter specifies how many times the Foundry device will resend an authentication request
when the TACACS/TACACS+ server does not respond. The retransmit limit can be from 1 – 5 times. The default
is 3 times.
To set the TACACS/TACACS+ retransmit limit:
BigIron(config)# tacacs-server retransmit 5
Syntax: tacacs-server retransmit <number>
Setting the Dead Time Parameter
The dead-time parameter specifies how long the Foundry device waits for the primary authentication server to
reply before deciding the server is dead and trying to authenticate using the next server. The dead-time value can
be from 1 – 5 seconds. The default is 3 seconds.
To set the TACACS/TACACS+ dead-time value:
BigIron(config)# tacacs-server dead-time 5
Syntax: tacacs-server dead-time <number>
Setting the Timeout Parameter
The timeout parameter specifies how many seconds the Foundry device waits for a response from the
TACACS/TACACS+ server before either retrying the authentication request, or determining that the
TACACS/TACACS+ server is unavailable and moving on to the next authentication method in the
authentication-method list. The timeout can be from 1 – 15 seconds. The default is 3 seconds.
BigIron(config)# tacacs-server timeout 5
Syntax: tacacs-server timeout <number>
Configuring Authentication-Method Lists for TACACS/TACACS+
You can use TACACS/TACACS+ to authenticate Telnet/SSH access and access to Privileged EXEC level and
CONFIG levels of the CLI. When configuring TACACS/TACACS+ authentication, you create
authentication-method lists specifically for these access methods, specifying TACACS/TACACS+ as the
primary authentication method.
Within the authentication-method list, TACACS/TACACS+ is specified as the primary authentication method and
up to six backup authentication methods are specified as alternates. If TACACS/TACACS+ authentication fails
due to an error, the device tries the backup authentication methods in the order they appear in the list.
When you configure authentication-method lists for TACACS/TACACS+ authentication, you must create
separate authentication-method lists: one for Telnet/SSH CLI access, and one for access to the
Privileged EXEC level and CONFIG levels of the CLI.
To create an authentication-method list that specifies TACACS/TACACS+ as the primary authentication method for
securing Telnet/SSH access to the CLI:
BigIron(config)# enable telnet authentication
BigIron(config)# aaa authentication login default tacacs local
The commands above cause TACACS/TACACS+ to be the primary authentication method for securing Telnet/SSH
access to the CLI. If TACACS/TACACS+ authentication fails due to an error with the server, authentication is
performed using local user accounts instead.
To create an authentication-method list that specifies TACACS/TACACS+ as the primary authentication method for
securing access to Privileged EXEC level and CONFIG levels of the CLI:
BigIron(config)# aaa authentication enable default tacacs local none
The command above causes TACACS/TACACS+ to be the primary authentication method for securing access to
Privileged EXEC level and CONFIG levels of the CLI. If TACACS/TACACS+ authentication fails due to an error
December 2000
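
An audit of the settings covered in this section, as an added example that is not part of the Foundry manual: the Python below checks a configuration against the ranges stated above and inspects the login and enable authentication-method lists. The sample configuration is constructed, and the script assumes that the 'none' method means no authentication is performed.

```python
import re

# Ranges and defaults as stated in this section: (minimum, maximum, default).
LIMITS = {"retransmit": (1, 5, 3), "dead-time": (1, 5, 3), "timeout": (1, 15, 3)}
PROMPT = re.compile(r"^\S+\(config\)#\s*")  # strips a prompt such as "BigIron(config)# "

# Constructed sample: the commands from this section plus one out-of-range timeout.
SAMPLE = """\
BigIron(config)# tacacs-server retransmit 5
BigIron(config)# tacacs-server timeout 20
BigIron(config)# enable telnet authentication
BigIron(config)# aaa authentication login default tacacs local
BigIron(config)# aaa authentication enable default tacacs local none
"""

def audit(config_text):
    """Return a list of findings for the TACACS/TACACS+ settings in config_text."""
    findings, seen, lists = [], set(), {}
    for raw in config_text.splitlines():
        words = PROMPT.sub("", raw.strip()).split()
        if len(words) == 3 and words[0] == "tacacs-server" and words[1] in LIMITS:
            low, high, _ = LIMITS[words[1]]
            seen.add(words[1])
            if not words[2].isdigit() or not low <= int(words[2]) <= high:
                findings.append(f"{words[1]}: value {words[2]} outside {low}-{high}")
        elif words[:2] == ["aaa", "authentication"] and len(words) >= 5 and words[3] == "default":
            lists[words[2]] = words[4:]  # methods in the order the device tries them
    for name in sorted(set(LIMITS) - seen):
        findings.append(f"{name}: not set, default of {LIMITS[name][2]} applies")
    for access in ("login", "enable"):
        methods = lists.get(access)
        if methods is None:
            findings.append(f"{access}: no authentication-method list configured")
            continue
        if methods[0] not in ("tacacs", "tacacs+"):
            findings.append(f"{access}: primary method is {methods[0]}, not TACACS/TACACS+")
        if len(methods) > 7:  # one primary method plus up to six backups
            findings.append(f"{access}: more than six backup methods")
        if "none" in methods:  # assumption: 'none' performs no authentication
            findings.append(f"{access}: method list includes 'none' (no authentication)")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```
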
