Adding a tacacs+ server to the client server list – Brocade Network OS Administrator’s Guide v4.1.1 User Manual

TABLE 50    TACACS+ server parameters

Parameter         Description
host              IP address (IPv4 or IPv6) or domain/host name of the TACACS+ server.
                  A host name requires prior DNS configuration. The maximum supported
                  length for the host name is 40 characters.
port              The TCP port used to connect to the TACACS+ server for authentication.
                  The port range is 1 through 65535; the default port is 49.
protocol          The authentication protocol to be used. Options include CHAP and PAP.
                  The default protocol is CHAP.
key               The shared secret between the switch and the TACACS+ server. The default
                  value is "sharedsecret". The key cannot contain spaces and must be from
                  8 through 40 characters in length. Empty keys are not supported.
retries           The number of attempts permitted to connect to a TACACS+ server. The
                  range is 0 through 100, and the default value is 5.
timeout           The maximum amount of time to wait for a server to respond. Options are
                  from 1 through 60 seconds, and the default value is 5 seconds.
encryption-level  Whether the encryption key should be stored in clear-text or in encrypted
                  format. Default is 7 (encrypted). Possible values are 0 or 7, where 0
                  stores the key in clear-text format and 7 stores it in encrypted format.

NOTE
If you do not configure the key attribute, the authentication session will not be encrypted. The value of
key must match the value configured in the TACACS+ configuration file; otherwise, communication
between the server and the switch fails.
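The limits in Table 50 and the NOTE above can be checked before a server entry is pushed to a switch. The following validator is an added example, not Brocade code; the dict layout, the check_tacacs_server name and the sample entries are assumptions made for illustration, and it flags the two weak settings the table describes (the default "sharedsecret" key and encryption-level 0) alongside out-of-range values.

```python
"""Validate TACACS+ client server entries against the limits in Table 50.

Added example, not Brocade code. The dict layout and the function name are
assumptions; keys are named after the parameters in the table.
"""
import ipaddress

# Defaults as given in Table 50
DEFAULTS = {"port": 49, "protocol": "CHAP", "key": "sharedsecret",
            "retries": 5, "timeout": 5, "encryption-level": 7}


def check_tacacs_server(entry):
    """Return a list of findings; an empty list means the entry is acceptable."""
    cfg = {**DEFAULTS, **entry}
    findings = []
    host = cfg.get("host", "")
    try:
        ipaddress.ip_address(host)          # IPv4 or IPv6 literal: no DNS needed
    except ValueError:
        # Not an IP literal, so it is a host name: needs DNS and is capped at 40 chars
        if not host or len(host) > 40:
            findings.append("host: missing, or host name longer than 40 characters")
    if not 1 <= cfg["port"] <= 65535:
        findings.append("port: must be 1 through 65535")
    if cfg["protocol"] not in ("CHAP", "PAP"):
        findings.append("protocol: must be CHAP or PAP")
    key = cfg["key"]
    if not key or " " in key or not 8 <= len(key) <= 40:
        findings.append("key: 8 through 40 characters, no spaces, not empty")
    if key == "sharedsecret":
        # The documented default; the server side must hold the same, unique value
        findings.append("key: default shared secret still in use; set a unique secret matching the server")
    if not 0 <= cfg["retries"] <= 100:
        findings.append("retries: must be 0 through 100")
    if not 1 <= cfg["timeout"] <= 60:
        findings.append("timeout: must be 1 through 60 seconds")
    if cfg["encryption-level"] not in (0, 7):
        findings.append("encryption-level: must be 0 or 7")
    elif cfg["encryption-level"] == 0:
        findings.append("encryption-level: 0 stores the key in clear text; use 7")
    return findings


if __name__ == "__main__":
    # Constructed sample entries: one relying on defaults, one fully specified
    weak = {"host": "tacacs.example.net"}
    hardened = {"host": "2001:db8::10", "protocol": "PAP", "key": "constructed-secret-value",
                "retries": 3, "timeout": 10, "encryption-level": 7}
    for name, entry in (("weak", weak), ("hardened", hardened)):
        print(name, check_tacacs_server(entry) or "OK")
```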

Refer also to:

Adding a TACACS+ server to the client server list on page 287
Modifying the client-side TACACS+ server configuration on page 288
Configuring the client to use TACACS+ for login authentication on page 288
Configuring TACACS+ accounting on the client side on page 289

Adding a TACACS+ server to the client server list

You must configure the Domain Name System (DNS) server on the switch prior to adding the TACACS+
server with a domain name or a host name. Without the DNS server, name resolution of the TACACS+
server fails and therefore the add operation fails. Use the ip dns command to configure the DNS
server.

NOTE
When a list of servers is configured, failover from one server to another server happens only if a
TACACS+ server fails to respond; it does not happen when user authentication fails.

The following procedure adds a TACACS+ server host in IPv6 format.

Network OS Administrator's Guide    287    53-1003225-04