beautypg.com

Brocade Network OS Administrator’s Guide v4.1.1 User Manual

Page 288

background image

1. In the privileged EXEC mode, enter configure terminal to enter the global configuration mode.

switch# configure terminal

Entering configuration mode terminal

2. Enter tacacs-server and specify the server IP address.

switch(config)# tacacs-server host fec0:60:69bc:94:211:25ff:fec4:6010

Upon execution of the command you are placed into the tacacs-server configuration sub-mode
where you can specify additional parameters.

3. Specify the additional parameters.

This example specifies the CHAP protocol key.

switch(config-tacacs-server-fec0:60:69bc:94:211:25ff:fec4:6010)# protocol chap

key "new#hercules*secret"

switch(config-tacacs-server-fec0:60:69bc:94:211:25ff:fec4:6010)# exit

switch(config)# do show running-config tacacs-server fec0:60:69bc:

94:211:25ff:fec4:6010

tacacs-server host fec0:60:69bc:94:211:25ff:fec4:6010 key new# Hercules*secret

4. Enter exit to return to the global configuration mode.

switch(config-tacacs-server-fec0:60:69bc:94:211:25ff:fec4:6010)# exit

5. Enter do show running-config tacacs-server host server_address to verify the configuration.

switch(config)# do show running-config tacacs-server fec0:60:69bc:

94:211:25ff:fec4:6010

tacacs-server host fec0:60:69bc:94:211:25ff:fec4:6010

key new# Hercules*secret

Modifying the client-side TACACS+ server configuration

1. In privileged EXEC mode, enter configure terminal to change to global configuration mode.

switch# configure terminal

Entering configuration mode terminal

2. Enter tacacs-server host with the help option (?) to display the configured server IP addresses.

switch(config)# tacacs-server host ?

fec0:60:69bc:94:211:25ff:fec4:6010

3. Enter tacacs-server host followed by the address of the server you wish to modify.

switch(config)# tacacs-server host fec0:60:69bc:94:211:25ff:fec4:6010

Upon execution of the command you are placed into the tacacs-server configuration sub-mode
where you can specify the parameters you want to modify.

4. Specify the additional parameters.

switch(config-tacacs-server-fec0:60:69bc:94:211:25ff:fec4:6010)# key "changedsec"

retries 100

5. Enter exit to return to the global configuration mode.

switch(config-tacacs-server-fec0:60:69bc:94:211:25ff:fec4:6010)# exit

6. Enter do show running-config tacacs-server host server_address to verify the configuration.

This command does not display default values.

switch(config)# do show running-config tacacs-server fec0:60:69bc:

94:211:25ff:fec4:6010

tacacs-server host fec0:60:69bc:94:211:25ff:fec4:6010

key changedesc

retries 100!

The no tacacs-server host command removes the server configuration from the list of configured
RADIUS servers. If the tacacs-server being deleted is the last one in the list and authentication
mode is set to tacacs+, deletion of the server from the switch configuration is denied. When used
with a specified parameter, the command sets the default value of that parameter.

Configuring the client to use TACACS+ for login authentication

After you configured the client-side TACACS+ server list, you must set the authentication mode so that
TACACS+ is used as the primary source of authentication. refer to the section

Login authentication

mode

on page 277 for information on how to configure the login authentication mode.

Modifying the client-side TACACS+ server configuration

288

Network OS Administrator’s Guide

53-1003225-04

See also other documents in the category Brocade Computer Accessories: