
Identifying the tacacs or tacacs+ servers – Brocade Virtual ADX Administration Guide (Supporting ADX v03.1.00) User Manual

Brocade Virtual ADX Administration Guide
53-1003249-01

2 Configuring TACACS or TACACS+ security

5. Optionally configure TACACS+ accounting. Refer to “Configuring TACACS+ accounting” on page 82.

Identifying the TACACS or TACACS+ servers

To use TACACS or TACACS+ servers to authenticate access to a Brocade Virtual ADX, you must
identify the servers to the Brocade Virtual ADX.

Virtual ADX(config)#tacacs-server host 207.94.6.161
Virtual ADX(config)#tacacs-server host 207.94.6.191
Virtual ADX(config)#tacacs-server host 207.94.6.122

Syntax: tacacs-server ip-addr|hostname [auth-port number]

The ip-addr|hostname variable specifies the IP address or host name of the server. You can enter
up to eight tacacs-server host commands to specify up to eight different servers.

NOTE

To specify the server's host name instead of its IP address, you must first identify a DNS server using
the ip dns server-address ip-addr command at the global CONFIG level.

If you add multiple TACACS or TACACS+ authentication servers to the Brocade Virtual ADX, it tries to
reach them in the order you add them. For example, if you add three servers in the following order,
the software tries the servers in the same order.

1. 207.94.6.161
2. 207.94.6.191
3. 207.94.6.122

You can remove a TACACS or TACACS+ server by entering no followed by the tacacs-server
command. For example, to remove 207.94.6.161, enter the following command.

Virtual ADX(config)#no tacacs-server host 207.94.6.161

NOTE

If you erase a tacacs-server command (by entering “no” followed by the command), make sure you
also erase the aaa commands that specify TACACS or TACACS+ as an authentication method. (Refer
to “Configuring authentication-method lists for TACACS or TACACS+” on page 76.) Otherwise, when
you exit from the CONFIG mode or from a Telnet session, the system continues to believe it is TACACS
or TACACS+ enabled and you will not be able to access the system.

The auth-port parameter specifies the UDP (for TACACS) or TCP (for TACACS+) port number of the
authentication port on the server. The default port number is 49.
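As an added check that is not part of the Brocade manual, the Python below parses a constructed running-config excerpt, models the effect of a no tacacs-server host command, and flags the lockout condition the note above describes, together with the eight-server limit and the DNS prerequisite for host names. The form of the aaa line (aaa authentication login default tacacs+ local) is assumed, since this page only says such commands name TACACS or TACACS+ as a method.

```python
import re

# Constructed sample running-config excerpt (not from the manual). The aaa line
# uses the Brocade-style "aaa authentication login default tacacs+ local" form,
# which is assumed here; the page only says such aaa commands name TACACS/TACACS+.
SAMPLE_CONFIG = """\
ip dns server-address 10.0.0.53
tacacs-server host 207.94.6.161
tacacs-server host 207.94.6.191 auth-port 49
tacacs-server host 10.2.3.4 auth-port 49 authentication-only key abc
aaa authentication login default tacacs+ local
"""

HOST_RE = re.compile(r"^tacacs-server host (\S+)(?:\s+auth-port\s+(\d+))?(.*)$")
IPV4_RE = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")

def parse_tacacs_servers(config):
    """Return (host, auth_port, extra_tokens) in config order, which is the
    order the Virtual ADX tries the servers. auth-port defaults to 49."""
    servers = []
    for line in config.splitlines():
        m = HOST_RE.match(line.strip())
        if m:
            host, port, rest = m.groups()
            servers.append((host, int(port) if port else 49, rest.split()))
    return servers

def remove_server(config, host):
    """Apply the effect of 'no tacacs-server host <host>' to a config text."""
    keep = [l for l in config.splitlines()
            if not (HOST_RE.match(l.strip()) and l.split()[2] == host)]
    return "\n".join(keep) + "\n"

def audit(config):
    """Flag the hazards the manual warns about: an aaa method list still
    pointing at TACACS/TACACS+ with no servers left (lockout), more than
    eight servers, and host names used without a DNS server configured."""
    lines = [l.strip() for l in config.splitlines()]
    servers = parse_tacacs_servers(config)
    findings = []
    if any(l.startswith("aaa ") and "tacacs" in l for l in lines) and not servers:
        findings.append("LOCKOUT RISK: aaa method list uses TACACS/TACACS+ "
                        "but no tacacs-server host is configured")
    if len(servers) > 8:
        findings.append(f"{len(servers)} tacacs-server host commands (maximum is eight)")
    has_dns = any(l.startswith("ip dns server-address") for l in lines)
    for host, _port, _extra in servers:
        if not IPV4_RE.match(host) and not has_dns:
            findings.append(f"{host}: host name used without ip dns server-address")
    return findings
```

Run audit() on the running-config text before and after each planned no tacacs-server host change; a LOCKOUT RISK finding means the aaa commands must be removed in the same session.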

Specifying different servers for individual AAA functions

In a TACACS+ configuration, you can designate a server to handle a specific AAA task. For example,
you can designate one TACACS+ server to handle authorization and another TACACS+ server to
handle accounting. You can set the TACACS+ key for each server.

To specify different TACACS+ servers for authentication, authorization and accounting, enter
commands such as the following.

Virtual ADX(config)#tacacs-server host 10.2.3.4 auth-port 49 authentication-only key abc