TACACS and TACACS+, Setting TACACS or TACACS+ parameters – Brocade Virtual ADX Administration Guide (Supporting ADX v03.1.00) User Manual
Brocade Virtual ADX Administration Guide
53-1003249-01
Configuring access control
TACACS and TACACS+
You can secure CLI access to the device by configuring it to consult a Terminal Access Controller
Access Control System (TACACS) or TACACS+ server to authenticate user names and passwords.
NOTE: TACACS or TACACS+ authentication is not supported for Web management or IronView access.
Setting TACACS or TACACS+ parameters
To identify a TACACS or TACACS+ server and set other TACACS or TACACS+ parameters for
authenticating access to the Brocade Virtual ADX, enter a command such as the following.
Virtual ADX(config)#tacacs-server host 10.157.22.99
Syntax: [no] tacacs-server host ip-addr | server-name [auth-port number]
Syntax: [no] tacacs-server [key key-string] [timeout number] [retransmit number] [dead-time number]
The only required parameter is the IP address or host name of the server. To specify the server's
host name instead of its IP address, you must first identify a DNS server using the ip dns
server-address ip-addr command at the global CONFIG level.
The auth-port parameter specifies the UDP port number of the authentication port on the server.
The default port number is 49.
The key parameter specifies the value that the Brocade Virtual ADX sends to the server when trying
to authenticate user access. The TACACS or TACACS+ server uses the key to determine whether the
Brocade Virtual ADX has authority to request authentication from the server. The key can be from 1
– 16 characters in length.
The timeout parameter specifies how many seconds the Brocade Virtual ADX waits for a response
from the TACACS or TACACS+ server before either retrying the authentication request or
determining that the TACACS or TACACS+ server is unavailable and moving on to the next
authentication method in the authentication-method list. The timeout can be from 1 – 15 seconds.
The default is 3 seconds.
The retransmit parameter specifies how many times the Brocade Virtual ADX will re-send an
authentication request when the TACACS or TACACS+ server does not respond. The retransmit
value can be from 0 – 5 times. The default is 3 times.
When the software allows multiple authentication servers, the dead-time parameter specifies how
long the Brocade Virtual ADX waits for the primary authentication server to reply before deciding
the server is dead and trying to authenticate using the next server. The dead-time value can be
from 1 – 5 seconds. The default is 3.
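The following Python helper is an added example and is not part of the Brocade guide or the Virtual ADX software. It builds the tacacs-server configuration lines described above while enforcing the documented ranges (key 1-16 characters, timeout 1-15 s, retransmit 0-5, dead-time 1-5 s, default port 49), warns when a host name is used without the required DNS prerequisite, and estimates the worst-case time the device spends on one server before moving to the next authentication method. Two things are assumptions, not statements from the guide: that each optional parameter is entered as its own tacacs-server line, and that the worst-case wait is the initial request plus each retransmit, each waiting the full timeout.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

# Ranges and defaults as documented in "Setting TACACS or TACACS+ parameters".
KEY_LEN = (1, 16)            # characters
TIMEOUT_RANGE = (1, 15)      # seconds, default 3
RETRANSMIT_RANGE = (0, 5)    # re-sends, default 3
DEAD_TIME_RANGE = (1, 5)     # seconds, default 3
DEFAULT_AUTH_PORT = 49


@dataclass
class TacacsServerConfig:
    host: str                        # IP address or host name of the server (required)
    auth_port: int = DEFAULT_AUTH_PORT
    key: Optional[str] = None        # shared key sent to the server
    timeout: int = 3
    retransmit: int = 3
    dead_time: int = 3


def _check_range(name: str, value: int, lo: int, hi: int) -> None:
    if not lo <= value <= hi:
        raise ValueError(f"{name} must be {lo}-{hi}, got {value}")


def is_ip_address(host: str) -> bool:
    """True for a literal IPv4/IPv6 address, False for a host name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def validate(cfg: TacacsServerConfig) -> None:
    """Reject values outside the ranges the guide documents."""
    if not cfg.host:
        raise ValueError("server IP address or host name is required")
    if cfg.key is not None:
        _check_range("key length", len(cfg.key), *KEY_LEN)
    _check_range("auth-port", cfg.auth_port, 1, 65535)
    _check_range("timeout", cfg.timeout, *TIMEOUT_RANGE)
    _check_range("retransmit", cfg.retransmit, *RETRANSMIT_RANGE)
    _check_range("dead-time", cfg.dead_time, *DEAD_TIME_RANGE)


def render(cfg: TacacsServerConfig) -> List[str]:
    """Return the CLI lines for this server (global CONFIG level).

    Assumption: each optional parameter is emitted as a separate
    tacacs-server line. Lines starting with '!' are comments."""
    validate(cfg)
    lines: List[str] = []
    if not is_ip_address(cfg.host):
        # The guide requires a DNS server before a host name can be used.
        lines.append("! host name in use: configure a DNS server first, e.g.")
        lines.append("! ip dns server-address <DNS_SERVER_IP>")   # placeholder value
    host_line = f"tacacs-server host {cfg.host}"
    if cfg.auth_port != DEFAULT_AUTH_PORT:
        host_line += f" auth-port {cfg.auth_port}"
    lines.append(host_line)
    if cfg.key is not None:
        lines.append(f"tacacs-server key {cfg.key}")
    lines.append(f"tacacs-server timeout {cfg.timeout}")
    lines.append(f"tacacs-server retransmit {cfg.retransmit}")
    lines.append(f"tacacs-server dead-time {cfg.dead_time}")
    return lines


def worst_case_wait_seconds(cfg: TacacsServerConfig) -> int:
    """Assumed model: one initial request plus `retransmit` re-sends,
    each waiting `timeout` seconds, before the server is given up on."""
    return cfg.timeout * (cfg.retransmit + 1)


if __name__ == "__main__":
    # Constructed sample matching the guide's example address.
    cfg = TacacsServerConfig(host="10.157.22.99", key="s3cret", timeout=5, retransmit=2)
    print("\n".join(render(cfg)))
    print(f"! worst-case wait on this server: {worst_case_wait_seconds(cfg)} s")
```

With the guide's defaults (timeout 3, retransmit 3) the assumed model gives 12 seconds per unreachable server before the next authentication method is tried, which is worth keeping in mind when sizing console login expectations during a TACACS+ outage.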
Enabling command authorization and accounting at the console
To configure the device to perform command authorization and command accounting for
commands entered at the console, enter the following command.
Virtual ADX(config)#enable aaa console
Syntax: [no] enable aaa console