
Setting the retransmission limit, Setting the timeout parameter, Tacacs – Brocade FastIron Ethernet Switch Security Configuration Guide User Manual


To specify a TACACS+ server key, enter a command such as the following.

device(config)#tacacs-server key rkwong

Syntax: tacacs-server key [ 0 ] string

When you display the configuration of the Brocade device, the TACACS+ keys are encrypted. For example:

device(config)#tacacs-server key abc

device(config)#write terminal

...

tacacs-server host 10.2.3.5 auth-port 49

tacacs key 2$!2d

NOTE
Encryption of the TACACS+ keys is done by default. The 0 parameter disables encryption. The 1
parameter is not required; it is provided for backwards compatibility.

Setting the retransmission limit

The retransmit parameter specifies how many times the Brocade device will resend an authentication
request when the TACACS/TACACS+ server does not respond. The retransmit limit can be from 1 - 5
times. The default is 3 times.

To set the TACACS and TACACS+ retransmit limit, enter a command such as the following.

device(config)#tacacs-server retransmit 5

Syntax: tacacs-server retransmit number

Setting the timeout parameter

The timeout parameter specifies how many seconds the Brocade device waits for a response from
the TACACS/TACACS+ server before either retrying the authentication request, or determining that
the TACACS/TACACS+ server is unavailable and moving on to the next authentication method in the
authentication-method list. The timeout can be from 1 - 15 seconds. The default is 3 seconds.

device(config)#tacacs-server timeout 5

Syntax: tacacs-server timeout number
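
The following is an added example, not part of the Brocade guide: a small Python check that audits the tacacs-server lines of a candidate configuration against the ranges and defaults stated above and flags the 0 key parameter. The function name audit_tacacs, the sample key and the max_wait_seconds figure are assumptions of this example; the wait figure assumes the first request and every resend each wait one full timeout.

```python
import re

# Ranges and defaults as stated in this guide: (minimum, maximum, default).
LIMITS = {"retransmit": (1, 5, 3), "timeout": (1, 15, 3)}

def audit_tacacs(config_text):
    """Return (settings, findings) for the tacacs-server lines in config_text."""
    settings = {name: default for name, (_, _, default) in LIMITS.items()}
    findings = []
    for raw in config_text.splitlines():
        # Drop a leading CLI prompt such as "device(config)#" if present.
        line = re.sub(r"^\S+\(config\)#\s*", "", raw.strip())
        m = re.fullmatch(r"tacacs-server\s+(retransmit|timeout)\s+(\S+)", line)
        if m:
            name, value = m.groups()
            low, high, _ = LIMITS[name]
            if not value.isdigit() or not low <= int(value) <= high:
                # Out-of-range values are reported and the default is kept.
                findings.append(f"{name} {value}: outside {low}-{high}")
            else:
                settings[name] = int(value)
            continue
        m = re.fullmatch(r"tacacs-server\s+key\s+(?:([01])\s+)?(\S+)", line)
        if m and m.group(1) == "0":
            findings.append("key 0: encryption of the stored key is disabled")
    # Assumption of this example: the first request and each resend
    # wait one full timeout before the server is treated as unavailable.
    settings["max_wait_seconds"] = settings["timeout"] * (1 + settings["retransmit"])
    return settings, findings

# Constructed sample input, not taken from a real device.
SAMPLE = """\
device(config)#tacacs-server key 0 ExampleKey
device(config)#tacacs-server retransmit 5
device(config)#tacacs-server timeout 20
"""

if __name__ == "__main__":
    settings, findings = audit_tacacs(SAMPLE)
    print(settings)
    for finding in findings:
        print("FINDING:", finding)
```
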

Configuring authentication-method lists for TACACS and TACACS+

You can use TACACS/TACACS+ to authenticate Telnet/SSH access and access to Privileged EXEC
level and CONFIG levels of the CLI. When configuring TACACS/TACACS+ authentication, you create
authentication-method lists specifically for these access methods, specifying TACACS/TACACS+ as
the primary authentication method.

Within the authentication-method list, TACACS/TACACS+ is specified as the primary authentication
method and up to six backup authentication methods are specified as alternates. If TACACS/TACACS+
authentication fails due to an error, the device tries the backup authentication methods in the order
they appear in the list.


FastIron Ethernet Switch Security Configuration Guide

53-1003088-03