Tacacs or tacacs+ configuration considerations, Tacacs configuration procedure, Tacacs+ configuration procedure – Brocade Virtual ADX Administration Guide (Supporting ADX v03.1.00) User Manual

Brocade Virtual ADX Administration Guide

73

53-1003249-01

Configuring TACACS or TACACS+ security

2

AAA security for commands pasted into the running-config file

If AAA security is enabled on the device, commands pasted into the running-config file are subject
to the same AAA operations as if they were entered manually.

When you paste commands into the running-config file, and AAA command authorization or
accounting is configured on the device, AAA operations are performed on the pasted commands.
The AAA operations are performed before the commands are actually added to the running-config
file. The server performing the AAA operations should be reachable when you paste the commands
into the running-config file. If the device determines that a pasted command is invalid, AAA
operations are halted on the remaining commands. The remaining commands may not be
executed if command authorization is configured.

TACACS or TACACS+ configuration considerations

Consider the following:

•

You must deploy at least one TACACS or TACACS+ server in your network.

•

Brocade Virtual ADX devices support authentication using up to eight TACACS or TACACS+
servers. The device tries to use the servers in the order you add them to the device’s
configuration.

•

You can select only one primary authentication method for each type of access to a device (CLI
through Telnet, CLI Privileged EXEC and CONFIG levels). For example, you can select TACACS+
as the primary authentication method for Telnet CLI access, but you cannot also select RADIUS
authentication as a primary method for the same type of access. However, you can configure
backup authentication methods for each access type.

•

You can configure the Brocade Virtual ADX to authenticate using a TACACS or TACACS+ server,
not both.

TACACS configuration procedure

For TACACS configurations, use the following procedure.

1. Identify TACACS servers. Refer to

“Identifying the TACACS or TACACS+ servers”

on page 74.

2. Set optional parameters. Refer to

“Setting optional TACACS or TACACS+ parameters”

on

page 75.

3. Configure authentication-method lists. Refer to

“Configuring authentication-method lists for

TACACS or TACACS+”

on page 76.

TACACS+ configuration procedure

For TACACS+ configurations, use the following procedure.

1. Identify TACACS+ servers. Refer to

“Identifying the TACACS or TACACS+ servers”

on page 74.

2. Set optional parameters. Refer to

“Setting optional TACACS or TACACS+ parameters”

on

page 75.

3. Configure authentication-method lists. Refer to

“Configuring authentication-method lists for

TACACS or TACACS+”

on page 76.

4. Optionally configure TACACS+ authorization. Refer to

“Configuring TACACS+ authorization”

on

page 79.