Nortel Networks ALTEON OS BMD00007 User Manual

Alteon OS Command Reference

188

„

The Configuration Menu

BMD00007, November 2007

Table 6-6 TACACS+ Server Menu Options (/cfg/sys/tacacs)

Command Syntax and Usage

prisrv

Defines the primary TACACS+ server address.

secsrv

Defines the secondary TACACS+ server address.

secret

<1-32 character secret>

This is the shared secret between the switch and the TACACS+ server(s).

secret2

<1-32 character secret>

This is the secondary shared secret between the switch and the TACACS+ server(s).

port

Enter the number of the TCP port to be configured, between 1 - 65000. The default is 49.

retries <

TACACS server retries, 1-3>

Sets the number of failed authentication requests before switching to a different TACACS+ server.
The default is 3 requests.

timeout

Sets the amount of time, in seconds, before a TACACS+ server authentication attempt is consid-
ered to have failed. The default is 5 seconds.

bckdoor disable|enable

Enables or disables the TACACS+ back door for Telnet, SSH/SCP, or HTTP/HTTPS.

Enabling this feature allows you to bypass the TACACS+ servers. It is recommended that you use
Secure Backdoor to ensure the switch is secured, because Secure Backdoor disallows access through
the back door when the TACACS+ servers are responding.

The default is disabled.

To obtain the TACACS+ backdoor password for your GbESM, contact your IBM Service and
Support line.

secbd enable|disable

Enables or disables TACACS+ secure back door access through Telnet, SSH/SCP, or HTTP/
HTTPS only when the TACACS+ servers are not responding.

This feature is recommended to permit access to the switch when the TACACS+ servers become
unresponsive. If no back door is enabled, the only way to gain access when TACACS+ servers are
unresponsive is to use the back door via the console port.

The default is disabled.

cmap enable|disable

Enables or disables TACACS+ privilege-level mapping.

The default value is disabled.