Brocade FastIron Ethernet Switch Security Configuration Guide User Manual

Configuring TACACS/TACACS+ for devices in a Brocade traditional stack

Because devices operating in a Brocade traditional stack topology present multiple console ports, you
must take additional steps to secure these ports when configuring TACACS/TACACS+.

The following is a sample AAA console configuration using TACACS+.

aaa authentication login default tacacs+ enable
aaa authentication login privilege-mode
aaa authorization commands 0 default tacacs+
aaa authorization exec default tacacs+
aaa accounting commands 0 default start-stop tacacs+
aaa accounting exec default start-stop tacacs+
aaa accounting system default start-stop tacacs+
enable aaa console
hostname Fred
ip address 10.10.6.56/255
tacacs-server host 255.253.255
tacacs-server key 2 $d3NpZ0BVXFpJ

kill console

Syntax: kill console [ all | unit ]

all - logs out all console ports on stack units that are not the Active Controller
unit - logs out the console port on a specified unit

Once AAA console is enabled, you should log out any open console ports on your traditional stack
using the kill console command:

device(config)#kill console all

In case a user forgets to log out or a console is left unattended, you can also configure the console
timeout (in minutes) on all stack units (including the Active Controller).

device(config)#stack unit 3
device(config-unit-3)#console timeout 5
device(config-unit-3)#exit
device(config)#stack unit 4
device(config-unit-4)#console timeout 5

Use the show who and the show telnet commands to confirm the status of console sessions.

stack9#show who
Console connections (by unit number):
 1 established
   you are connecting to this session
   4 seconds in idle
 2 established
   1 hours 3 minutes 12 seconds in idle
 3 established
   1 hours 3 minutes 9 seconds in idle
 4 established
   1 hours 3 minutes 3 seconds in idle
Telnet connections (inbound):
 1 closed
 2 closed
 3 closed
 4 closed
 5 closed
Telnet connection (outbound):
 6 closed
SSH connections:
 1 closed
 2 closed
 3 closed
 4 closed
 5 closed
stack9#
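
The check described above, as an added example that is not part of the Brocade guide: Python that parses the console section of show who output and lists the stack units whose console is established but idle beyond the timeout. The sample text is constructed from the output shown on this page; the function names and the 5-minute default (taken from the console timeout 5 example) are assumptions of this example.

```python
import re

# Constructed sample, copied in shape from the "show who" output on this page.
SAMPLE = """\
Console connections (by unit number):
 1 established
   you are connecting to this session
   4 seconds in idle
 2 established
   1 hours 3 minutes 12 seconds in idle
 3 established
   1 hours 3 minutes 9 seconds in idle
 4 established
   1 hours 3 minutes 3 seconds in idle
Telnet connections (inbound):
 1 closed
"""

UNIT_RE = re.compile(r"^\s*(\d+)\s+(established|closed)\b", re.I)
IDLE_RE = re.compile(r"(\d+)\s+(hour|minute|second)s?", re.I)
SECONDS = {"hour": 3600, "minute": 60, "second": 1}

def parse_console_sessions(text):
    """Return {unit: {"state", "idle", "current"}} for the console section only."""
    sessions, unit, in_console = {}, None, False
    for line in text.splitlines():
        stripped = line.strip()
        if stripped.endswith(":"):  # section header such as "Telnet connections (inbound):"
            in_console, unit = stripped.lower().startswith("console connections"), None
        elif in_console and stripped:
            m = UNIT_RE.match(stripped)
            if m:
                unit = int(m.group(1))
                sessions[unit] = {"state": m.group(2).lower(), "idle": 0, "current": False}
            elif unit is not None and "in idle" in stripped:
                sessions[unit]["idle"] = sum(
                    int(n) * SECONDS[u.lower()] for n, u in IDLE_RE.findall(stripped))
            elif unit is not None and "this session" in stripped:
                sessions[unit]["current"] = True
    return sessions

def stale_consoles(text, timeout_minutes=5):
    """Units whose console is established, not ours, and idle past the timeout."""
    return sorted(u for u, s in parse_console_sessions(text).items()
                  if s["state"] == "established" and not s["current"]
                  and s["idle"] > timeout_minutes * 60)

if __name__ == "__main__":
    for unit in stale_consoles(SAMPLE):  # prints units 2, 3 and 4 for the sample
        print(f"unit {unit}: console idle past timeout, check 'console timeout'")
```

A unit reported here is a candidate for kill console and for a console timeout entry under its stack unit configuration.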

stack9#show telnet
Console connections (by unit number):
 1 established

53-1003088-03