beautypg.com

Tacacs-server – Brocade Network OS Command Reference v4.1.0 User Manual

Page 1341

background image

Network OS Command Reference

1303

53-1003115-01

tacacs-server

2

tacacs-server

Configures a Terminal Access Controller Access-Control System plus (TACACS+) server.

Synopsis

tacacs-server host {hostname |ip-address} [port portnum] [protocol {chap| pap}]
[key shared_secret] [encryption-level value_level] [timeout secs] [retries num]

no tacacs-server {hostname |ip-address}

Operands

host {hostname |ip-address}

Specifies the IP address or domain name of the TACACS+ server. IPv4 and
IPv6 addresses are supported.

port portnum

Specifies the authentication port. Valid values range from 0
through 65535. The default is 49.

protocol {chap | pap} Specifies the authentication protocol. Options include CHAP and PAP. The

default is CHAP.

key shared_secret

Specifies the text string that is used as the shared secret between the
switch and the TACACS+ server to make the message exchange secure.
The key must be between 8 and 40 characters in length. The default key is
sharedsecret. The exclamation mark (!) is supported both in RADIUS and
TACACS+ servers, and you can specify the password in either double quotes
or the escape character (\), for example "secret!key" or secret\!key.

encryption-level value_level

Designates the encryption level for the shared secret key operation. This
operand supports JITC certification and compliance. The range of valid
values is from 0 through 7, with 0 being clear text and 7 being the most
heavily encrypted.

timeout secs

Specifies the time to wait for the TACACS+ server to respond. The default
is 5 seconds.

retries num

Specifies the number of attempts allowed to connect to a TACACS+ server.
The default is 5 attempts.

Defaults

Refer to the Operands for specific defaults.

Command Modes

Global configuration mode

Description

Use this command to configure attributes on the TACACS+ server. If a TACACS+ server with the
specified IP address or host name does not exist, it is added to the server list. If the TACACS+
server already exists, this command modifies the configuration.

Usage Guidelines

The key parameter does not support an empty string.

Executing the no form of the tacacs-server command attributes resets the specified attributes to
their default values.

NOTE

Before downgrading to a Network OS version that does not support the encryption-level keyword,
set the value of this keyword to 0. Otherwise, the firmware download will throw an error that
requests this value be set to 0.

See also other documents in the category Brocade Computer Accessories: