
Setting optional tacacs or tacacs+ parameters, Setting the tacacs+ key – Brocade Multi-Service IronWare Security Configuration Guide (Supporting R05.6.00) User Manual


Multi-Service IronWare Security Configuration Guide

53-1003035-02

Configuring TACACS or TACACS+ security


0 = the key string is not encrypted and is in clear text

1 = the key string uses proprietary simple cryptographic 2-way algorithm (only for Brocade
NetIron CES and Brocade NetIron CER)

2 = the key string uses proprietary base64 cryptographic 2-way algorithm (only for Brocade
NetIron XMR and Brocade MLX series)

Setting optional TACACS or TACACS+ parameters

You can set the following optional parameters in a TACACS or TACACS+ configuration:

TACACS+ key – This parameter specifies the value that the Brocade device sends to the
TACACS+ server when trying to authenticate user access.

Retransmit interval – This parameter specifies how many times the Brocade device will resend
an authentication request when the TACACS or TACACS+ server does not respond. The
retransmit value can be from 1 – 5 times. The default is 3 times.

Dead time – This parameter specifies how long the Brocade device waits for the primary
authentication server to reply before deciding the server is dead and trying to authenticate
using the next server. The dead-time value can be from 1 – 5 seconds. The default is 3
seconds.

Timeout – This parameter specifies how many seconds the Brocade device waits for a
response from a TACACS or TACACS+ server before either retrying the authentication request,
or determining that the TACACS or TACACS+ servers are unavailable and moving on to the next
authentication method in the authentication-method list. The timeout can be from 1 – 15
seconds. The default is 3 seconds.

Setting the TACACS+ key

The key parameter in the tacacs-server command is used to encrypt TACACS+ packets before they
are sent over the network. The value for the key parameter on the Brocade device should match the
one configured on the TACACS+ server. The key length can be from 1 – 64 characters and cannot
include any space characters.

NOTE

The tacacs-server key command applies only to TACACS+ servers, not to TACACS servers. If you are
configuring TACACS, do not configure a key on the TACACS server and do not enter a key on the
Brocade device.
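The following added example (not from the Brocade manual) shows why the key must match on both ends: it implements the body obfuscation defined for TACACS+ in RFC 8907 section 4.5, where the shared key seeds a chained MD5 pad that is XORed with the packet body. The key check uses the limits stated above; the session ID, version byte and body are constructed sample values.

```python
import hashlib
import struct

def validate_key(key: str) -> bytes:
    """Apply the limits stated on this page: 1-64 characters, no spaces."""
    if not 1 <= len(key) <= 64:
        raise ValueError("key must be 1-64 characters")
    if " " in key:
        raise ValueError("key must not contain spaces")
    return key.encode("ascii")

def pseudo_pad(key: bytes, session_id: int, version: int, seq_no: int, length: int) -> bytes:
    """RFC 8907 section 4.5: chained MD5 blocks truncated to the body length."""
    seed = struct.pack("!I", session_id) + key + bytes([version, seq_no])
    pad, prev = b"", b""
    while len(pad) < length:
        # MD5_1 = MD5(seed); MD5_n = MD5(seed + MD5_{n-1})
        prev = hashlib.md5(seed + prev).digest()
        pad += prev
    return pad[:length]

def obfuscate(body: bytes, key: str, session_id: int, version: int, seq_no: int) -> bytes:
    """XOR the body with the pad; the same call reverses it."""
    pad = pseudo_pad(validate_key(key), session_id, version, seq_no, len(body))
    return bytes(b ^ p for b, p in zip(body, pad))

# Constructed sample values, not taken from a capture.
SESSION_ID = 0x1A2B3C4D
VERSION = 0xC0  # major version 0xC, minor version 0
BODY = b"constructed authentication body, longer than one MD5 block"

def demo():
    """Device sends with key 'rkwong'; one server has the same key, one does not."""
    wire = obfuscate(BODY, "rkwong", SESSION_ID, VERSION, 1)
    server_ok = obfuscate(wire, "rkwong", SESSION_ID, VERSION, 1)
    server_bad = obfuscate(wire, "rkwonG", SESSION_ID, VERSION, 1)
    return wire, server_ok, server_bad

if __name__ == "__main__":
    wire, ok, bad = demo()
    print("on the wire :", wire.hex())
    print("matching key:", ok)
    print("wrong key   :", bad)
```

A server holding a different key recovers only garbage from the body, which is why a key mismatch shows up as failed authentication rather than as an explicit key error.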

To specify a TACACS+ server key, enter the following command.

Brocade(config)# tacacs-server key rkwong

Syntax: [no] tacacs-server key [0 | 1] string

When you display the configuration of the Brocade device, the TACACS+ keys are encrypted.

Example

Brocade(config)# tacacs-server key 1 abc
Brocade(config)# write terminal
...
tacacs-server host 10.2.3.5 auth-port 49
tacacs key 1 $!2d