beautypg.com

Tacacs a – Enterasys Networks CSX6000 User Manual

Page 219

background image

Central Site Remote Access Switch 219

C

ONFIGURING

O

FF

-

NODE

S

ERVER

I

NFORMATION

TACACS Authentication Server

U

SING

M

ANAGE

M

ODE

C

OMMANDS

tacacs

Displays the current TACACS off-node server configuration data.

tacacs change

Allows you to change the current TACACS off-node server configuration data. After entering
the

tacacs change

command, you will be prompted for the configuration elements you

want to change.

TACACS A

UTHENTICATION

S

ERVER

C

ONFIGURATION

E

LEMENTS

IP A

DDRESS

The IP address in dotted decimal notation for the TACACS Server.

UDP P

ORT

N

UMBER

The UDP port number used by the TACACS Server. The default value of 49 is almost always used.

N

UMBER

OF

A

CCESS

R

EQUEST

R

ETRIES

The number of Access Request Retries that the system will send to the TACACS Server. The initial
default value is 3. The acceptable range is from 0 to 32,767.

T

IME

BETWEEN

A

CCESS

R

EQUEST

R

ETRIES

The time between Access Request Retries sent from the system. The initial default value is 1 second.
The acceptable range is from 1 to 10,000.

TACACS

PACKET

FORMAT

The TACACS format for device authentication. The default format is ID code, PIN.

TACACS A

UTHENTICATION

S

ERVER

B

ACKGROUND

I

NFORMATION

The Terminal Access Controller Access Control System (TACACS) is a database supported by the
CyberSWITCH. TACACS operates using two components: client code and server code. TACACS
server software is installed on a UNIX-based system connected to the CyberSWITCH network. The
client protocols allow the system to communicate with the TACACS server, ultimately
authenticating devices.

The following is a typical scenario if the TACACS Server is activated: with user level security, a
remote user will Telnet into a specified system port for user authentication. The system, in turn, will
send an access request to the primary TACACS Server. After the configured time interval the
system will send an access request retry if the primary server does not respond. After the
configured number of retries, the system will request authentication information from the
secondary server if one is configured. The connection will be released if neither server responds to
the access requests.

Note:

For user level security, the CyberSWITCH’s default Telnet port number is 7000, not the
normal default (23).

This manual is related to the following products:
See also other documents in the category Enterasys Networks Computer Accessories: