
Setting optional tacacs or tacacs+ parameters, Setting the tacacs+ key – Brocade Virtual ADX Administration Guide (Supporting ADX v03.1.00) User Manual


53-1003249-01

Configuring TACACS or TACACS+ security


Virtual ADX(config)#tacacs-server host 10.2.3.5 auth-port 49 authorization-only key def

Virtual ADX(config)#tacacs-server host 10.2.3.6 auth-port 49 accounting-only key ghi

Syntax: tacacs-server host ip-addr | server-name [authentication-only | authorization-only | accounting-only | default] [key string]

The default parameter causes the server to be used for all AAA functions.

After authentication takes place, the server that performed the authentication is used for
authorization or accounting. If the authenticating server cannot perform the requested function,
then the next server in the configured list of servers is tried; this process repeats until a server that
can perform the requested function is found, or every server in the configured list has been tried.

Setting optional TACACS or TACACS+ parameters

You can set the following optional parameters in a TACACS or TACACS+ configuration:

TACACS+ key – This parameter specifies the value that the Brocade Virtual ADX sends to the
TACACS+ server when trying to authenticate user access.

Retransmit interval – This parameter specifies how many times the Brocade Virtual ADX will
resend an authentication request when the TACACS or TACACS+ server does not respond. The
retransmit value can be from 0 – 5 times. The default is 3 times.

Dead time – This parameter specifies how long the Brocade Virtual ADX waits for the primary
authentication server to reply before deciding the server is dead and trying to authenticate
using the next server. The dead-time value can be from 1 – 5 seconds. The default is 3
seconds.

Timeout – This parameter specifies how many seconds the Brocade Virtual ADX waits for a
response from a TACACS or TACACS+ server before either retrying the authentication request,
or determining that the TACACS or TACACS+ servers are unavailable and moving on to the next
authentication method in the authentication-method list. The timeout can be from 1 – 15
seconds. The default is 3 seconds.

Setting the TACACS+ key

NOTE

The tacacs-server key command applies only to TACACS+ servers, not to TACACS servers. If you are
configuring TACACS, do not configure a key on the TACACS server and do not enter a key on the
Brocade Virtual ADX.

To specify a TACACS+ server key, enter a command such as the following.

Virtual ADX(config)#tacacs-server key rkwong

Syntax: tacacs-server key [0 | 1] string

The key parameter in the tacacs-server command is used to encrypt TACACS+ packets before they
are sent over the network. The value for the key parameter on the Brocade Virtual ADX should
match the one configured on the TACACS+ server. The key can be from 1 – 32 characters in length
and cannot include any space characters.
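
How a shared key of this kind protects a packet body in standard TACACS+ (RFC 8907, section 4.5, which calls the operation obfuscation), shown as an added Python example that is not taken from the Brocade guide. The session ID, sample body and function names are constructed for illustration, and it is an assumption that the Virtual ADX follows the RFC scheme; the key rkwong and the 1 to 32 character, no-space rule come from this page.

```python
import hashlib
import struct


def pseudo_pad(session_id: int, key: bytes, version: int, seq_no: int, length: int) -> bytes:
    """RFC 8907 section 4.5 pad: chained MD5 blocks, truncated to the body length."""
    # MD5_1 = MD5(session_id, key, version, seq_no); MD5_n appends MD5_(n-1).
    seed = struct.pack("!I", session_id) + key + bytes([version, seq_no])
    pad, prev = b"", b""
    while len(pad) < length:
        prev = hashlib.md5(seed + prev).digest()
        pad += prev
    return pad[:length]


def obfuscate(body: bytes, session_id: int, key: str,
              version: int = 0xC0, seq_no: int = 1) -> bytes:
    """XOR the packet body with the pad. Applying it twice restores the body."""
    # Key rules as stated on this page: 1 to 32 characters, no spaces.
    if not 1 <= len(key) <= 32 or " " in key:
        raise ValueError("key must be 1-32 characters with no spaces")
    pad = pseudo_pad(session_id, key.encode("ascii"), version, seq_no, len(body))
    return bytes(b ^ p for b, p in zip(body, pad))


def demo():
    """Device sends with 'rkwong'; one server shares the key, one does not."""
    body = b"constructed-authen-start-body user=admin"  # constructed sample body
    session_id = 0x1A2B3C4D                              # constructed session ID
    wire = obfuscate(body, session_id, "rkwong")         # what the device puts on the wire
    server_ok = obfuscate(wire, session_id, "rkwong")    # matching key: body recovered
    server_bad = obfuscate(wire, session_id, "rkwonG")   # mismatched key: unreadable bytes
    return body, wire, server_ok, server_bad


if __name__ == "__main__":
    body, wire, ok, bad = demo()
    print("on the wire :", wire.hex())
    print("matching key:", ok)
    print("wrong key   :", bad)
```

A server holding a different key derives a different pad and cannot parse the body, which is why the value on the Brocade Virtual ADX has to match the one on the TACACS+ server.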

When you display the configuration of the Brocade Virtual ADX, the TACACS+ keys are encrypted.