
Configuring authentication-method lists for TACACS or TACACS+, Setting the retransmission limit – Brocade Virtual ADX Administration Guide (Supporting ADX v03.1.00) User Manual


53-1003249-01

Configuring TACACS or TACACS+ security


Example

Virtual ADX(config)#tacacs-server key 1 abc

Virtual ADX(config)#write terminal

...

tacacs-server host 10.2.3.5 auth-port 49

tacacs key 1 $!2d

NOTE

Encryption of the TACACS+ keys is done by default. The 0 parameter disables encryption. The 1
parameter is not required; it is provided for backwards compatibility.

Setting the retransmission limit

To set the TACACS or TACACS+ retransmit limit, enter a command such as the following.

Virtual ADX(config)#tacacs-server retransmit 5

Syntax: tacacs-server retransmit number

The retransmit parameter specifies how many times the Brocade Virtual ADX will resend an
authentication request when the TACACS or TACACS+ server does not respond. The retransmit limit
can be from 0 – 5 times. The default is 3 times.

Setting the dead time parameter

To set the TACACS or TACACS+ dead-time value, enter a command such as the following.

Virtual ADX(config)#tacacs-server dead-time 5

Syntax: tacacs-server dead-time number

The dead-time parameter specifies how long the Brocade Virtual ADX waits for the primary
authentication server to reply before deciding the server is dead and trying to authenticate using
the next server. The dead-time value can be from 1 – 5 seconds. The default is 3 seconds.

Setting the timeout parameter

Virtual ADX(config)#tacacs-server timeout 5

Syntax: tacacs-server timeout number

The timeout parameter specifies how many seconds the Brocade Virtual ADX waits for a response
from the TACACS or TACACS+ server before either retrying the authentication request, or
determining that the TACACS or TACACS+ server is unavailable and moving on to the next
authentication method in the authentication-method list. The timeout can be from 1 – 15 seconds.
The default is 3 seconds.
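
The following is an added example, not part of the Brocade guide: a small Python check that reads saved "write terminal" output, validates the retransmit, dead-time and timeout values against the ranges stated above, and flags a key configured with the 0 parameter. The sample configuration is constructed, and the worst-case wait formula (one initial request plus each retransmission waiting the full timeout) is an assumption, not a statement from the guide.

```python
# Ranges and defaults as stated in this section of the guide: (low, high, default).
LIMITS = {"retransmit": (0, 5, 3), "dead-time": (1, 5, 3), "timeout": (1, 15, 3)}

# Constructed sample of "write terminal" output (not taken from a real device).
SAMPLE = """\
tacacs-server host 10.2.3.5 auth-port 49
tacacs-server key 0 abc
tacacs-server retransmit 9
tacacs-server timeout 15
"""

def audit(config):
    """Return (effective settings, findings) for the tacacs-server lines in config."""
    values = {name: default for name, (_, _, default) in LIMITS.items()}
    findings = []
    for line in config.splitlines():
        words = line.split()
        if len(words) < 3 or words[0] != "tacacs-server":
            continue
        param, arg = words[1], words[2]
        if param == "key" and arg == "0":
            # Per the NOTE in this section, the 0 parameter disables key encryption.
            findings.append("key: encryption disabled by the 0 parameter")
        elif param in LIMITS:
            low, high, default = LIMITS[param]
            if arg.isdigit() and low <= int(arg) <= high:
                values[param] = int(arg)
            else:
                findings.append(
                    f"{param}: {arg} outside {low}-{high}, using default {default} for the estimate")
    return values, findings

def worst_case_wait(values):
    """Assumption: the first request and every retransmission each wait the full timeout."""
    return values["timeout"] * (1 + values["retransmit"])

if __name__ == "__main__":
    settings, problems = audit(SAMPLE)
    for problem in problems:
        print("FINDING:", problem)
    print("settings:", settings)
    print("worst-case seconds per unresponsive server:", worst_case_wait(settings))
```

Under that assumption the figure is the delay an administrator would see at login before the device moves on from an unresponsive server, which is worth checking when raising the timeout toward its 15-second maximum.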

Configuring authentication-method lists for TACACS or TACACS+

You can use TACACS or TACACS+ to authenticate Telnet or SSH access and access to Privileged
EXEC level and CONFIG levels of the CLI. When configuring TACACS or TACACS+ authentication, you
create authentication-method lists specifically for these access methods, specifying TACACS or
TACACS+ as the primary authentication method.