beautypg.com

Tacacs or tacacs+ configuration considerations, Tacacs configuration procedure, Tacacs+ configuration procedure – Brocade Multi-Service IronWare Security Configuration Guide (Supporting R05.6.00) User Manual

Page 51

background image

Multi-Service IronWare Security Configuration Guide

33

53-1003035-02

Configuring TACACS or TACACS+ security

1

AAA Security for commands pasted Into the
running configuration

If AAA security is enabled on a Brocade device, commands pasted into the running configuration
are subject to the same AAA operations as if they were entered manually.

When you paste commands into the running configuration, and AAA command authorization or
accounting is configured on the device, AAA operations are performed on the pasted commands.
The AAA operations are performed before the commands are actually added to the running
configuration. The server performing the AAA operations should be reachable when you paste the
commands into the running configuration file. If the device determines that a pasted command is
invalid, AAA operations are halted on the remaining commands. The remaining commands may not
be executed if command authorization is configured.

TACACS or TACACS+ configuration considerations

Consider the following for configuring TACACS or TACACS+ servers:

You must deploy at least one TACACS or TACACS+ server in your network.

The Brocade device supports authentication using up to eight TACACS or TACACS+ servers. The
device tries to use the servers in the order you add them to the device’s configuration.

You can select only one primary authentication method for each type of access to a device (CLI
through Telnet, CLI Privileged EXEC and CONFIG levels). For example, you can select TACACS+
as the primary authentication method for Telnet CLI access, but you cannot also select RADIUS
authentication as a primary method for the same type of access. However, you can configure
backup authentication methods for each access type.

You can configure the Brocade device to authenticate using a TACACS or TACACS+ server, not
both.

TACACS configuration procedure

Use the following procedure for TACACS configurations.

1. Enable TACACS.

“Enabling SNMP traps for TACACS”

.

2. Identify TACACS servers. Refer to

“Identifying the TACACS or TACACS+ servers”

.

3. Set optional parameters. Refer to

“Setting optional TACACS or TACACS+ parameters”

.

4. Configure authentication-method lists. Refer to

“Configuring authentication-method lists for

TACACS or TACACS+”

.

TACACS+ configuration procedure

Use the following procedure for TACACS+ configurations.

1. Enable TACACS.

“Enabling SNMP traps for TACACS”

2. Identify TACACS+ servers. Refer to

“Identifying the TACACS or TACACS+ servers”

.

3. Set optional parameters. Refer to

“Setting optional TACACS or TACACS+ parameters”

.

4. Configure authentication-method lists. Refer to

“Configuring authentication-method lists for

TACACS or TACACS+”

.

See also other documents in the category Brocade Computer Accessories: