
Enabling snmp traps for tacacs, Identifying the tacacs or tacacs+ servers – Brocade Multi-Service IronWare Security Configuration Guide (Supporting R05.6.00) User Manual


Multi-Service IronWare Security Configuration Guide

53-1003035-02

Configuring TACACS or TACACS+ security

1

5. Optionally configure TACACS+ authorization. Refer to “Configuring TACACS+ authorization”.

6. Optionally configure TACACS+ accounting. Refer to “Configuring TACACS+ accounting”.

Enabling SNMP traps for TACACS

To enable SNMP access to the TACACS MIB objects on a Brocade device, you must execute the
enable snmp config-tacacs command, as shown in the following example.

Brocade(config)# enable snmp config-tacacs

Syntax: [no] enable snmp [config-radius | config-tacacs]

The config-radius parameter specifies the MIBs accessible for RADIUS. Generation of RADIUS traps
is disabled by default.

The config-tacacs parameter specifies the MIBs accessible for TACACS. Generation of TACACS traps
is disabled by default.

Identifying the TACACS or TACACS+ servers

To use TACACS or TACACS+ servers to authenticate access to a Brocade device, you must identify
the servers to the Brocade device.

For example, to identify three TACACS or TACACS+ servers, enter commands such as the following.

Brocade(config)# tacacs-server host 10.94.6.161

Brocade(config)# tacacs-server host 10.94.6.191

Brocade(config)# tacacs-server host 10.94.6.122

Syntax: [no] tacacs-server host ip-addr | hostname [auth-port number]

The ip-addr | hostname parameter specifies the IP address or host name of the server. You can
enter up to eight tacacs-server host commands to specify up to eight different servers.

NOTE

To specify the server's host name instead of its IP address, you must first identify a DNS server using
the ip dns server-address ip-addr command at the global CONFIG level.

If you add multiple TACACS or TACACS+ authentication servers to the Brocade device, the device
tries to reach them in the order you add them. For example, if you add three servers in the following
order, the software tries the servers in the same order.

1. 10.94.6.161

2. 10.94.6.191

3. 10.94.6.122

You can remove a TACACS or TACACS+ server by entering no followed by the tacacs-server
command. For example, to remove 10.94.6.161, enter the following command.

Brocade(config)# no tacacs-server host 10.94.6.161
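
The rules above (servers are tried in the order added, at most eight servers, a DNS server identified before any host name is used, removal with no) can be checked against a candidate configuration before it is pasted into a device. The following Python script is an added example, not part of the Brocade guide; the function name audit_tacacs, the sample host name, the DNS address and the port value are constructed for illustration, and treating a repeated host as keeping its original position is an assumption.

```python
import ipaddress
import re

MAX_SERVERS = 8  # the guide allows up to eight tacacs-server host commands
HOST_RE = re.compile(
    r"^(no\s+)?tacacs-server\s+host\s+(\S+)(?:\s+auth-port\s+(\d+))?$")
DNS_RE = re.compile(r"^ip\s+dns\s+server-address\s+\S+")

def is_ip(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False

def audit_tacacs(config_text):
    """Return (servers in the order the device tries them, findings)."""
    servers, findings, dns_seen = [], [], False
    for raw in config_text.splitlines():
        line = raw.strip()
        if DNS_RE.match(line):
            dns_seen = True
            continue
        m = HOST_RE.match(line)
        if not m:
            continue
        negated, host, port = m.groups()
        if negated:  # "no tacacs-server host X" removes X from the list
            servers = [s for s in servers if s[0] != host]
            continue
        if not is_ip(host) and not dns_seen:
            findings.append(f"{host}: host name used before any ip dns server-address line")
        if all(s[0] != host for s in servers):  # assumption: re-adding keeps position
            servers.append((host, int(port) if port else None))
    if len(servers) > MAX_SERVERS:
        findings.append(f"{len(servers)} servers configured, limit is {MAX_SERVERS}")
    return servers, findings

# Constructed sample input, not taken from a real device.
SAMPLE = """\
tacacs-server host 10.94.6.161
tacacs-server host 10.94.6.191
tacacs-server host tac3.example.net auth-port 4949
ip dns server-address 10.94.6.10
tacacs-server host 10.94.6.122
no tacacs-server host 10.94.6.161
"""

if __name__ == "__main__":
    order, issues = audit_tacacs(SAMPLE)
    for pos, (host, port) in enumerate(order, 1):
        print(pos, host, port or "port not specified")
    for issue in issues:
        print("FINDING:", issue)
```
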