
TACACS+ authorization, Supported TACACS+ packages and protocols, TACACS+ configuration components – Brocade Network OS Administrator’s Guide v4.1.1


support, management of Brocade switches seamlessly integrates into these environments. Once
configured to use TACACS+, a Brocade switch becomes a network access server.

If you are in logical chassis cluster mode, the configuration is applied to all nodes in the cluster.

TACACS+ authorization

The TACACS+ server is used only for authentication and accounting. Authorization is enforced at the
switch by Brocade role-based access control (RBAC). The role assigned to a user on the TACACS+ server
should match a role configured on the switch. If, after successful authentication, the switch cannot
obtain the user’s role from the TACACS+ server, or the returned role does not match any role present on
the switch, the user is silently given the switch’s default role. The role obtained from the server (or
the default role) is then used for RBAC for the rest of the session. Because this fallback is silent,
verify that the role name the server returns exactly matches a role defined on the switch: a misspelled
or missing role changes the user’s effective privileges rather than denying the login.

TACACS+ authentication through management interfaces

You can access the switch through the serial port, or through Telnet or SSH from either the
management interface or the data ports (TE interface or in-band). The switch goes through the same
TACACS+-based authentication with either access method.

Supported TACACS+ packages and protocols

Brocade supports the following TACACS+ packages for running the TACACS+ daemon on remote
AAA servers.

• Free TACACS+ daemon (tacacs-plus 4.0.4.23-3), available from www.shrubbery.net/tac_plus
• ACS 5.3
• ACS 4.2

The TACACS+ protocol v1.78 is used for AAA services between the Brocade switch client and the
TACACS+ server.

The authentication protocols supported for user authentication are Password Authentication Protocol
(PAP) and Challenge Handshake Authentication Protocol (CHAP).
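The exchange the two preceding paragraphs describe, as an added example that is not Brocade’s code or the tac_plus daemon’s: a minimal TACACS+ authentication START/REPLY round trip for a PAP login, with the body obfuscation every v1.78 packet uses (the body is XORed with an MD5 pad derived from the shared key and the cleartext header fields, so it is hidden from a casual observer but not encrypted in any modern sense), a server side that checks the password against a constructed user table, and the switch-side role fallback described under TACACS+ authorization above. The user table, the shared keys, the attribute name brcd-role and the default role name user are assumptions for illustration; on a real switch the role is fetched in a separate authorization exchange that is not shown here.

```python
import hashlib
import struct

# Constants from the TACACS+ draft (major version 0xC; minor version 1 is used for PAP and CHAP).
VERSION_PAP = 0xC1
TYPE_AUTHEN = 0x01
FLAG_UNENCRYPTED = 0x01
ACTION_LOGIN, PRIV_LVL_USER = 0x01, 0x01
AUTHEN_TYPE_PAP, SERVICE_LOGIN = 0x02, 0x01
STATUS_PASS, STATUS_FAIL = 0x01, 0x02


def pseudo_pad(session_id, key, version, seq_no, length):
    """MD5 chain keyed by the shared secret: pad_1 = MD5(session_id|key|version|seq_no),
    pad_n = MD5(session_id|key|version|seq_no|pad_n-1), truncated to the body length."""
    seed = struct.pack("!I", session_id) + key + bytes([version, seq_no])
    pad, prev = b"", b""
    while len(pad) < length:
        prev = hashlib.md5(seed + prev).digest()
        pad += prev
    return pad[:length]


def obfuscate(body, key, session_id, version, seq_no):
    """XOR the body with the pseudo-pad; applying it twice restores the body."""
    pad = pseudo_pad(session_id, key, version, seq_no, len(body))
    return bytes(b ^ p for b, p in zip(body, pad))


def build_packet(ptype, seq_no, session_id, body, key, version=VERSION_PAP):
    """12-byte cleartext header (version, type, seq_no, flags, session_id, length) + obfuscated body."""
    header = struct.pack("!BBBBII", version, ptype, seq_no, 0, session_id, len(body))
    return header + obfuscate(body, key, session_id, version, seq_no)


def parse_packet(packet, key):
    version, ptype, seq_no, flags, session_id, length = struct.unpack("!BBBBII", packet[:12])
    body = packet[12:12 + length]
    if not flags & FLAG_UNENCRYPTED:          # only the header is ever sent in the clear
        body = obfuscate(body, key, session_id, version, seq_no)
    return {"version": version, "type": ptype, "seq_no": seq_no,
            "session_id": session_id, "body": body}


def authen_start_pap(user, password, port="ttyS0", rem_addr="192.0.2.10"):
    """Authentication START body; for PAP the password travels in the data field."""
    fields = [s.encode() for s in (user, port, rem_addr, password)]
    fixed = bytes([ACTION_LOGIN, PRIV_LVL_USER, AUTHEN_TYPE_PAP, SERVICE_LOGIN] + [len(f) for f in fields])
    return fixed + b"".join(fields)


def parse_authen_start(body):
    action, priv_lvl, authen_type, service = body[:4]
    out, off = [], 8
    for n in body[4:8]:                       # user_len, port_len, rem_addr_len, data_len
        out.append(body[off:off + n].decode(errors="replace"))
        off += n
    user, port, rem_addr, password = out
    return {"authen_type": authen_type, "user": user, "password": password}


def authen_reply(status, server_msg=b""):
    return struct.pack("!BBHH", status, 0, len(server_msg), 0) + server_msg


def parse_authen_reply(body):
    status, _flags, msg_len, _data_len = struct.unpack("!BBHH", body[:6])
    return status, body[6:6 + msg_len].decode(errors="replace")


# Constructed server-side user table. "brcd-role" is an assumed attribute name standing in for
# whatever the server hands back in the separate authorization exchange (not modelled here).
USERS = {"netops": {"password": "Correct-Horse-7", "brcd-role": "admin"}}


def server_handle(packet, server_key):
    """Server side: deobfuscate with its own key, check the PAP password, answer with seq_no + 1."""
    req = parse_packet(packet, server_key)
    start = parse_authen_start(req["body"])
    entry = USERS.get(start["user"])
    ok = (start["authen_type"] == AUTHEN_TYPE_PAP and entry is not None
          and entry["password"] == start["password"])
    reply = authen_reply(STATUS_PASS if ok else STATUS_FAIL, b"ok" if ok else b"login failed")
    return build_packet(TYPE_AUTHEN, req["seq_no"] + 1, req["session_id"], reply, server_key)


def client_login(user, password, key, session_id=0x5A5A0001):
    """Switch (NAS) side: send START as seq 1, read REPLY as seq 2. Returns (status, server_msg)."""
    start = build_packet(TYPE_AUTHEN, 1, session_id, authen_start_pap(user, password), key)
    rep = parse_packet(server_handle(start, key), key)   # stands in for the TCP/49 round trip
    assert rep["seq_no"] == 2 and rep["session_id"] == session_id
    return parse_authen_reply(rep["body"])


def resolve_role(server_role, switch_roles, default_role):
    """Switch-side fallback from the guide: a missing or unknown role from the server
    yields the switch's default role (the default role name is the caller's assumption)."""
    return server_role if server_role in switch_roles else default_role


if __name__ == "__main__":
    print(client_login("netops", "Correct-Horse-7", b"s3cret"))   # (1, 'ok')
    print(client_login("netops", "wrong", b"s3cret"))             # (2, 'login failed')
    # A key mismatch is never signalled in the protocol: the peer just decodes noise.
    pkt = build_packet(TYPE_AUTHEN, 1, 1, authen_start_pap("netops", "x"), b"s3cret")
    print(parse_authen_start(parse_packet(pkt, b"other")["body"])["user"] == "netops")  # False
    print(resolve_role("admin", {"admin", "user"}, "user"), resolve_role("ops", {"admin", "user"}, "user"))
```

Two points worth noticing when running it: the header, including the session ID and sequence number, is always cleartext, and a shared-key mismatch on either side produces an unparseable body rather than an explicit error, so a wrong key shows up as failed logins or odd server messages, not as a key complaint.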

TACACS+ configuration components

Configuring TACACS+ requires configuring TACACS+ support on the client (including optional
accounting), as well as configuring TACACS+ on the server. Support for mixed environments may also
be required.

Configuring the client for TACACS+ support

Each Brocade switch client must be individually configured to use TACACS+ servers. You use the
tacacs-server command to specify the server IP address, authentication protocols, and other
parameters. You can configure a maximum of five TACACS+ servers on a Brocade switch for AAA
service.

The parameters in the following table are associated with a TACACS+ server that is configured on the
switch.

Network OS Administrator’s Guide, 53-1003225-04, page 286