Foundry Networks Switch and Router Installation And Configuration Manual page 92

Foundry Switch and Router Installation and Configuration Guide
The software contains separate CLI commands for specifying the source interface for Telnet, TACACS/TACACS+,
and RADIUS packets. You can configure a source interface for one or more of these types of packets.
To specify an Ethernet or POS port or a loopback or virtual interface as the source for all TACACS/TACACS+
packets from the device, use the following CLI method. The software uses the lowest-numbered IP address
configured on the port or interface as the source IP address for TACACS/TACACS+ packets originated by the
device.
To specify the lowest-numbered IP address configured on a virtual interface as the device's source for all TACACS/
TACACS+ packets, enter commands such as the following:
BigIron(config)# int ve 1
BigIron(config-vif-1)# ip address 10.0.0.3/24
BigIron(config-vif-1)# exit
BigIron(config)# ip tacacs source-interface ve 1
The commands in this example configure virtual interface 1, assign IP address 10.0.0.3/24 to the interface, then
designate the interface as the source for all TACACS/TACACS+ packets from the Layer 3 Switch.
Syntax: ip tacacs source-interface ethernet <portnum> | pos <portnum> | loopback <num> | ve <num>
The <num> parameter is a loopback interface or virtual interface number. If you specify an Ethernet or POS port,
the <portnum> is the port's number (including the slot number, if you are configuring a chassis device).
Displaying TACACS/TACACS+ Statistics and Configuration Information
The show aaa command displays information about all TACACS+ and RADIUS servers identified on the device.
For example:
BigIron# show aaa
Tacacs+ key: foundry
Tacacs+ retries: 1
Tacacs+ timeout: 15 seconds
Tacacs+ dead-time: 3 minutes
Tacacs+ Server: 207.95.6.90 Port:49:
no connection
Radius key: networks
Radius retries: 3
Radius timeout: 3 seconds
Radius dead-time: 3 minutes
Radius Server:
no connection
The following table describes the TACACS/TACACS+ information displayed by the show aaa command.
Table 3.3: Output of the show aaa command for TACACS/TACACS+
Field
Tacacs+ key
Tacacs+ retries
Tacacs+ timeout
Tacacs+ dead-time
3 - 28
opens=6 closes=3 timeouts=3 errors=0
packets in=4 packets out=4
207.95.6.90 Auth Port=1645 Acct Port=1646:
opens=2 closes=1 timeouts=1 errors=0
packets in=1 packets out=4
Description
The setting configured with the tacacs-server key command. At the Super User
privilege level, the actual text of the key is displayed. At the other privilege levels, a
string of periods (....) is displayed instead of the text.
The setting configured with the tacacs-server retransmit command.
The setting configured with the tacacs-server timeout command.
The setting configured with the tacacs-server dead-time command.
December 2000