Adding a TACACS+ server to the client server list – Brocade Network OS Administrator’s Guide v4.1.1 User Manual
Page 287

TABLE 50 TACACS+ server parameters

| Parameter | Description |
|---|---|
| host | IP address (IPv4 or IPv6) or domain/host name of the TACACS+ server. A host name requires prior DNS configuration. The maximum supported length for the host name is 40 characters. |
| port | The TCP port used to connect to the TACACS+ server for authentication. The port range is 1 through 65535; the default port is 49. |
| protocol | The authentication protocol to be used. Options include CHAP and PAP. The default protocol is CHAP. |
| key | The shared secret between the switch and the TACACS+ server. The default value is "sharedsecret". The key cannot contain spaces and must be from 8 through 40 characters in length. Empty keys are not supported. |
| retries | The number of attempts permitted to connect to a TACACS+ server. The range is 0 through 100, and the default value is 5. |
| timeout | The maximum amount of time to wait for a server to respond. Options are from 1 through 60 seconds, and the default value is 5 seconds. |
| encryption-level | Whether the encryption key should be stored in clear-text or in encrypted format. Possible values are 0 or 7, where 0 stores the key in clear-text format and 7 stores it in encrypted format. The default is 7 (encrypted). |
NOTE
If you do not configure the key attribute, the authentication session will not be encrypted. The value of
key must match the value configured in the TACACS+ configuration file; otherwise, the
communication between the server and the switch fails.
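The limits in Table 50 and the note above, written as a pre-deployment check (an added example, not part of the Brocade guide). The dict layout, the `audit` function name and the sample values are assumptions; this is not Network OS command syntax.

```python
import ipaddress

# Defaults and limits below are the ones listed in Table 50.
DEFAULTS = {"port": 49, "protocol": "chap", "retries": 5,
            "timeout": 5, "encryption-level": 7}
DEFAULT_KEY = "sharedsecret"  # documented default shared secret

def audit(entry):
    """Return (errors, warnings) for one server entry given as a dict (assumed layout)."""
    cfg = {**DEFAULTS, **entry}
    errors, warnings = [], []
    host = str(cfg.get("host", ""))
    try:
        ipaddress.ip_address(host)  # IPv4 or IPv6 literal needs no DNS
    except ValueError:
        if not host or len(host) > 40:
            errors.append("host: name must be 1 through 40 characters")
        else:
            warnings.append("host: name requires prior DNS configuration")
    if not 1 <= cfg["port"] <= 65535:
        errors.append("port: must be 1 through 65535")
    if str(cfg["protocol"]).lower() not in ("chap", "pap"):
        errors.append("protocol: must be CHAP or PAP")
    if not 0 <= cfg["retries"] <= 100:
        errors.append("retries: must be 0 through 100")
    if not 1 <= cfg["timeout"] <= 60:
        errors.append("timeout: must be 1 through 60 seconds")
    if cfg["encryption-level"] not in (0, 7):
        errors.append("encryption-level: must be 0 or 7")
    elif cfg["encryption-level"] == 0:
        warnings.append("encryption-level: key is stored in clear text")
    key = entry.get("key")
    if key is None:
        warnings.append("key: not configured, session will not be encrypted")
    elif " " in key or not 8 <= len(key) <= 40:
        errors.append("key: must be 8 through 40 characters with no spaces")
    elif key == DEFAULT_KEY:
        warnings.append("key: documented default value in use")
    return errors, warnings

# Constructed sample entries (documentation address range, made-up key).
SAMPLES = [
    {"host": "2001:db8::10", "key": "Xy7-constructed-key"},
    {"host": "tacacs.example.com", "key": "sharedsecret",
     "encryption-level": 0, "timeout": 90},
]
if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample["host"], audit(sample))
```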
Refer also to:
• Adding a TACACS+ server to the client server list on page 287
• Modifying the client-side TACACS+ server configuration
• Configuring the client to use TACACS+ for login authentication on page 288
• Configuring TACACS+ accounting on the client side
Adding a TACACS+ server to the client server list
You must configure the Domain Name System (DNS) server on the switch prior to adding the TACACS+
server with a domain name or a host name. Without the DNS server, name resolution of the TACACS+
server fails and therefore the add operation fails. Use the ip dns command to configure the DNS
server.
NOTE
When a list of servers is configured, failover from one server to another server happens only if a
TACACS+ server fails to respond; it does not happen when user authentication fails.
The following procedure adds a TACACS+ server host in IPv6 format.
Network OS Administrator’s Guide
53-1003225-04