Configuring authentication-method lists for TACACS or TACACS+, Setting the retransmission limit – Brocade Multi-Service IronWare Security Configuration Guide (Supporting R05.6.00) User Manual
53-1003035-02
Configuring TACACS or TACACS+ security
NOTE
Encryption of the TACACS+ keys is done by default. The 0 parameter disables encryption. The 1
parameter is not required; it is provided for backwards compatibility.
Setting the retransmission limit
The retransmit parameter specifies how many times the Brocade device will resend an
authentication request when the TACACS or TACACS+ server does not respond. The retransmit limit
can be from 1 – 5 times. The default is 3 times.
To set the TACACS or TACACS+ retransmit limit, enter the following command.
Brocade(config)# tacacs-server retransmit 5
Syntax: [no] tacacs-server retransmit number
Setting the timeout parameter
The timeout parameter specifies how many seconds the Brocade device waits for a response from
the TACACS or TACACS+ server before either retrying the authentication request, or determining
that the TACACS or TACACS+ server is unavailable and moving on to the next authentication method
in the authentication-method list. The timeout can be from 1 – 15 seconds. The default is 3
seconds.
Brocade(config)# tacacs-server timeout 5
Syntax: [no] tacacs-server timeout number
Configuring authentication-method lists for TACACS or TACACS+
You can use TACACS or TACACS+ to authenticate console, Telnet, or SSH access and access to
Privileged EXEC level and CONFIG levels of the CLI. When configuring TACACS or TACACS+
authentication, you create authentication-method lists specifically for these access methods,
specifying TACACS or TACACS+ as the primary authentication method.
Within the authentication-method list, TACACS or TACACS+ is specified as the primary
authentication method and up to six backup authentication methods are specified as alternates. If
TACACS or TACACS+ authentication fails due to an error, the device tries the backup authentication
methods in the order they appear in the list. If a TACACS or TACACS+ server responds with a reject
for a user, the system does not try the backup authentication methods.
When you configure authentication-method lists for TACACS or TACACS+ authentication, you must
create a separate authentication-method list for Telnet or SSH CLI access, and for access to the
Privileged EXEC level and CONFIG levels of the CLI.
To create an authentication-method list that specifies TACACS or TACACS+ as the primary
authentication method for securing Telnet or SSH access to the CLI, enter the following commands.
Brocade(config)# enable telnet authentication
Brocade(config)# aaa authentication login default tacacs+ local
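The following audit script is an added example, not part of the Brocade guide: it checks running-config text against the ranges, defaults and method-list rules stated above. The function name, the constructed sample configurations, and the assumption that the worst-case wait before fallback is timeout × (1 + retransmit) are assumptions of this example.

```python
import re

# Ranges and defaults as stated in the guide text: (min, max, default).
LIMITS = {"retransmit": (1, 5, 3), "timeout": (1, 15, 3)}

# Constructed sample configs (no CLI prompt, as in a saved running-config).
SAMPLE = """\
tacacs-server retransmit 5
tacacs-server timeout 5
enable telnet authentication
aaa authentication login default tacacs+ local
"""
WEAK = "tacacs-server timeout 20\naaa authentication login default tacacs+\n"

def audit_tacacs(config: str) -> dict:
    """Audit TACACS/TACACS+ timing and login method-list settings."""
    findings, values = [], {}
    for name, (low, high, default) in LIMITS.items():
        m = re.search(rf"^[ \t]*tacacs-server {name} (\d+)[ \t]*$", config, re.M)
        values[name] = int(m.group(1)) if m else default  # unset -> default
        if not low <= values[name] <= high:
            findings.append(f"{name} {values[name]} outside {low}-{high}")
    m = re.search(r"^[ \t]*aaa authentication login default (.+)$", config, re.M)
    methods = m.group(1).split() if m else []
    if not methods:
        findings.append("no login authentication-method list configured")
    elif methods[0] not in ("tacacs", "tacacs+"):
        findings.append(f"primary method is {methods[0]}, not TACACS/TACACS+")
    elif len(methods) == 1:
        # Backups are only tried on error, never after a server reject.
        findings.append("no backup method configured for server errors")
    if len(methods) > 7:
        findings.append("more than six backup methods listed")
    # Assumption: one initial request plus `retransmit` resends, each
    # waiting `timeout` seconds, before the next method is tried.
    worst = values["timeout"] * (1 + values["retransmit"])
    return {"methods": methods, "worst_case_wait_s": worst,
            "findings": findings, **values}

if __name__ == "__main__":
    for label, cfg in (("SAMPLE", SAMPLE), ("WEAK", WEAK)):
        print(label, audit_tacacs(cfg))
```
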
NOTE
To enable AAA support for commands entered at the console you must follow the procedure
described in