Enabling TACACS, Identifying the TACACS/TACACS+ servers – Brocade FastIron Ethernet Switch Security Configuration Guide User Manual

Page 48

Enabling TACACS

TACACS is disabled by default. To configure TACACS/TACACS+ authentication parameters, you
must enable TACACS by entering the following command.

device(config)#enable snmp config-tacacs

Syntax: [no] enable snmp [ config-radius | config-tacacs ]

The config-radius parameter specifies the RADIUS configuration mode. RADIUS is disabled by
default.

The config-tacacs parameter specifies the TACACS configuration mode. TACACS is disabled by
default.

Identifying the TACACS/TACACS+ servers

To use TACACS/TACACS+ servers to authenticate access to a Brocade device, you must identify the
servers to the Brocade device.

For example, to identify three TACACS/TACACS+ servers, enter commands such as the following.

device(config)#tacacs-server host 10.94.6.161

device(config)#tacacs-server host 10.94.6.191

device(config)#tacacs-server host 10.94.6.122

Syntax: tacacs-server host { ip-addr | ipv6-addr | server-name } [ auth-port number ] [ acct-port number ]

The ip-addr | ipv6-addr | hostname parameter specifies the IP address or host name of the server. You
can enter up to eight tacacs-server host commands to specify up to eight different servers.

NOTE
To specify the server's host name instead of its IP address, you must first identify a DNS server using
the ip dns server-address ip-addr command at the global CONFIG level.

If you add multiple TACACS/TACACS+ authentication servers to the Brocade device, the device tries
to reach them in the order you add them. For example, if you add three servers in the following order,
the software tries the servers in the same order.

1. 10.94.6.161
2. 10.94.6.191
3. 10.94.6.122

You can remove a TACACS/TACACS+ server by entering no followed by the tacacs-server
command. For example, to remove 10.94.6.161, enter the following command.

device(config)#no tacacs-server host 10.94.6.161

NOTE
If you erase a tacacs-server command (by entering "no" followed by the command), make sure you
also erase the aaa commands that specify TACACS/TACACS+ as an authentication method. (Refer
to Configuring authentication-method lists for TACACS and TACACS+ on page 50.) Otherwise,
when you exit from the CONFIG mode or from a Telnet session, the system continues to believe it
is TACACS/TACACS+ enabled and you will not be able to access the system.
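A pre-change check for the conditions described above, as an added example that is not part of the Brocade guide: it reads a saved configuration, lists the servers in the order the device tries them, and flags aaa lines that still name TACACS/TACACS+ when no tacacs-server host remains. The function name, the finding labels, the sample configurations and the exact form of the aaa line are assumptions made for the illustration.

```python
import ipaddress
import re

MAX_SERVERS = 8  # the guide allows up to eight tacacs-server host commands

# Constructed sample configs; the aaa line syntax is an assumption, not from this page.
SAMPLE_OK = """\
tacacs-server host 10.94.6.161
tacacs-server host 10.94.6.191
tacacs-server host 10.94.6.122
aaa authentication login default tacacs+ local
"""
SAMPLE_STALE_AAA = "aaa authentication login default tacacs+ local\n"

def _is_ip(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False

def audit_tacacs(config_text):
    """Return (servers in the order the device tries them, list of findings)."""
    servers, aaa_refs, has_dns = [], [], False
    for raw in config_text.splitlines():
        line = raw.strip()
        host = re.match(r"tacacs-server host (\S+)", line)
        if host:
            servers.append(host.group(1))  # config order == try order
        elif line.startswith("ip dns server-address "):
            has_dns = True
        elif line.startswith("aaa ") and re.search(r"\stacacs\+?(\s|$)", line):
            aaa_refs.append(line)  # assumed: method appears as its own token
    findings = []
    if aaa_refs and not servers:
        findings.append("LOCKOUT-RISK: aaa still names TACACS/TACACS+ but no server is defined")
    if len(servers) > MAX_SERVERS:
        findings.append(f"TOO-MANY: {len(servers)} servers, limit is {MAX_SERVERS}")
    if not has_dns and any(not _is_ip(s) for s in servers):
        findings.append("NO-DNS: host name used without ip dns server-address")
    return servers, findings

if __name__ == "__main__":
    for name, cfg in (("ok", SAMPLE_OK), ("stale aaa", SAMPLE_STALE_AAA)):
        print(name, audit_tacacs(cfg))
```

Run it against the configuration you intend to save before exiting CONFIG mode; an empty findings list means none of the three conditions was detected.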

FastIron Ethernet Switch Security Configuration Guide

53-1003088-03