Allied Telesis AT-S63 User Manual


Chapter 36: TACACS+ and RADIUS Protocols

Section VIII: Management Security

If you will be specifying more than one TACACS+ server and if all of
the servers use the same encryption secret, you can answer No to this
prompt and enter the encryption secret using the TAC Global Secret
parameter.

However, if you are specifying only one TACACS+ server or if the
servers have different encryption secrets, then respond with Yes to
this prompt. You will see:

Enter per-server secret [max 40 characters] ->

Use this prompt to enter the encryption secret for the TACACS+ server
whose IP address you are specifying.

4 - TAC Global Secret
If all of the TACACS+ servers have the same encryption secret, rather
than entering the same secret when you enter the IP addresses, you
can use this option to enter the secret only once.

5 - TAC Timeout
This parameter specifies the maximum amount of time the switch waits
for a response from a TACACS+ server before assuming the server is
not responding. If the timeout expires and the server has not
responded, the switch queries the next TACACS+ server in the list. If
there are no more servers, the switch defaults to the standard
Manager and Operator accounts. The default is 30 seconds. The
range is 1 to 300 seconds.

5. After you have finished configuring the parameters in the TACACS+
Client Configuration menu, type R to return to the Authentication
Configuration menu, shown in Figure 284 on page 830.

6. To activate the feature, perform the procedure “Enabling Server-based
Management Authentication” on page 830.
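The following Python model is an added example, not part of the Allied Telesis manual or the AT-S63 software. It walks a server list the way the TAC Timeout text describes, showing how long a login stalls on unresponsive servers and when the switch ends up on its local Manager and Operator accounts. The `Server`, `effective_secret`, `login` and `fake_query` names, the sample addresses and secrets, and the rule that a per-server secret is used instead of the global one are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

MAX_SECRET_LEN = 40                # "max 40 characters" per the prompt
TIMEOUT_MIN, TIMEOUT_MAX = 1, 300  # TAC Timeout range in seconds (default 30)

@dataclass
class Server:                      # hypothetical model, not an AT-S63 structure
    ip: str
    secret: Optional[str] = None   # None = answered "No" at the per-server prompt

def effective_secret(server, global_secret):
    # Assumption: a per-server secret, when entered, is used instead of the global one.
    secret = server.secret if server.secret is not None else global_secret
    if not secret:
        raise ValueError(f"{server.ip}: neither per-server nor global secret set")
    if len(secret) > MAX_SECRET_LEN:
        raise ValueError(f"{server.ip}: secret exceeds {MAX_SECRET_LEN} characters")
    return secret

def login(servers, global_secret, timeout, query):
    """Walk the server list as the TAC Timeout text describes.

    query(ip, secret, timeout) is a stand-in transport: it returns True/False
    for an accept/reject reply and None when the server did not answer in time.
    Returns (source, server_ip, accepted, seconds_waited_on_dead_servers).
    """
    if not TIMEOUT_MIN <= timeout <= TIMEOUT_MAX:
        raise ValueError("timeout must be 1 to 300 seconds")
    secrets = [effective_secret(s, global_secret) for s in servers]  # validate first
    waited = 0
    for server, secret in zip(servers, secrets):
        reply = query(server.ip, secret, timeout)
        if reply is not None:
            return ("tacacs+", server.ip, reply, waited)
        waited += timeout          # full timeout elapses before the next server is tried
    # List exhausted: the switch uses its standard Manager and Operator accounts.
    return ("local-accounts", None, None, waited)

# Constructed sample: documentation-range addresses, made-up secrets.
SERVERS = [Server("192.0.2.10"), Server("192.0.2.11", "per-server-example"),
           Server("192.0.2.12")]
ALIVE = {"192.0.2.12"}             # only the third server answers in this sample

def fake_query(ip, secret, timeout):
    return (secret == "global-example") if ip in ALIVE else None

if __name__ == "__main__":
    print(login(SERVERS, "global-example", 30, fake_query))
    print(login(SERVERS[:2], "global-example", 30, fake_query))
```

With the default 30-second timeout, each unresponsive server adds 30 seconds to the login, and an unreachable server list leaves the local Manager and Operator passwords as the only control on management access.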