beautypg.com

Configuration, Configure tacacs – Allied Telesis AlliedWare Plus Operating System Version 5.4.4C (x310-26FT,x310-26FP,x310-50FT,x310-50FP) User Manual

Page 1293

background image

TACACS+ Introduction and Configuration

Software Reference for x310 Series Switches

C613-50046-01 REV A

AlliedWare Plus

TM

Operating System - Version 5.4.4C

48.5

Configuration

This section describes how to set up TACACS+ for login authentication, enable password
authentication, and accounting.

The TACACS+ server is normally a multiuser system running TACACS+ server software
from a software provider. TACACS+ servers are identified on the basis of their host name or
IP address. A TACACS+ server and a switch use a shared secret text string to encrypt
passwords and exchange responses. To configure TACACS+, you must specify the host
running the TACACS+ server software and a secret text string that it shares with the
switch.

Configure TACACS+

Table 48-1: General configuration procedure for TACACS+ authentication and accounting

Specify a remote TACACS+ server and the shared secret key

awplus#

configure terminal

Enter Global Configuration mode.

awplus(config)#

tacacs-server host {<host-name>|

<ip-address>}

[key [8]<key-string>]

Specify the IP address or host name of the remote TACACS+
server host and the shared secret key to use with the specified
TACACS+ server.
Specify 8 if you are entering a password as a string that has
already been encrypted instead of entering a plain text
password.
As many as four TACACS+ servers can be configured and
consulted for authentication and accounting. The first server
configured is regarded as the primary server and if the
primary server fails then the backup servers are consulted in
turn.

awplus(config)#

tacacs-server key [8]

<key-string>

Specify the global shared secret text string used between the
switch and all TACACS+ servers.

Specify 8 if you are entering a password as a string that has
already been encrypted instead of entering a plain text
password.

If no secret key is explicitly specified for a TACACS+ server with
the

tacacs-server host

command, the global secret key will

be used.

Specify the timeout value

awplus(config)#

tacacs-server timeout <seconds>

Specify for how many seconds a switch waits for a reply to a
TACACS+ request before considering the TACACS+ server
dead.

See also other documents in the category Allied Telesis Computer hardware: