Tacacs/tacacs+ configuration considerations, Configuring tacacs – Brocade FastIron Ethernet Switch Security Configuration Guide User Manual
Page 47
AAA security for commands pasted into the running-config
If AAA security is enabled on the device, commands pasted into the running-config are subject to the
same AAA operations as if they were entered manually.
When you paste commands into the running-config, and AAA command authorization or accounting, or
both, are configured on the device, AAA operations are performed on the pasted commands. The AAA
operations are performed before the commands are actually added to the running-config. The server
performing the AAA operations should be reachable when you paste the commands into the running-
config file. If the device determines that a pasted command is invalid, AAA operations are halted on the
remaining commands. The remaining commands may not be executed if command authorization is
configured.
TACACS/TACACS+ configuration considerations
• You must deploy at least one TACACS/TACACS+ server in your network.
• Brocade devices support authentication using up to eight TACACS/TACACS+ servers. The device
tries to use the servers in the order you add them to the device configuration.
• You can select only one primary authentication method for each type of access to a device (CLI
through Telnet, CLI Privileged EXEC and CONFIG levels). For example, you can select TACACS+
as the primary authentication method for Telnet CLI access, but you cannot also select RADIUS
authentication as a primary method for the same type of access. However, you can configure backup
authentication methods for each access type.
• You can configure the Brocade device to authenticate using a TACACS or TACACS+ server, not
both.
Configuring TACACS
Follow the procedure given below for TACACS configurations.
1. Identify TACACS servers. Refer to
Identifying the TACACS/TACACS+ servers
on page 48.
2. Set optional parameters. Refer to
Setting optional TACACS and TACACS+ parameters
49.
3. Configure authentication-method lists. Refer to
Configuring authentication-method lists forTACACS
Configuring TACACS+
Follow the procedure given below for TACACS+ configurations.
1. Identify TACACS+ servers. Refer to
Identifying the TACACS/TACACS+ servers
on page 48.
2. Set optional parameters. Refer to
Setting optional TACACS and TACACS+ parameters
49.
3. Configure authentication-method lists. Refer to
Configuring authentication-method lists forTACACS
on page 50.
4. Optionally configure TACACS+ authorization. Refer to
Configuring TACACS+ authorization
on page
53.
5. Optionally configure TACACS+ accounting. Refer to
TACACS+ accounting configuration
55.
AAA security for commands pasted into the running-config
FastIron Ethernet Switch Security Configuration Guide
47
53-1003088-03