Technical data
BLADE OS 5.0 Command Reference
BMD00142, November 2009 Chapter 6: The Configuration Menu
169
Table 77 TACACS+ Server Options
Command Syntax and Usage
prisrv <IP address> [-ma|-mgta|-mb|-mgtb|-d|-data]
Defines the primary TACACS+ server address and the interface port to use to send
TACACS+ requests.
secsrv <IP address> [-ma|-mgta|-mb|-mgtb|-d|-data]
Defines the secondary TACACS+ server address and the interface port to use to send
TACACS+ requests.
secret <1-32 character secret>
This is the shared secret between the switch and the TACACS+ server(s).
secret2 <1-32 character secret>
This is the secondary shared secret between the switch and the TACACS+ server(s).
port <TACACS port>
Enter the number of the TCP port to be configured, between 1 - 65000. The default is 49.
retries <TACACS server retries, 1-3>
Sets the number of failed authentication requests before switching to a different TACACS+
server. The default is 3 requests.
timeout <TACACS server timeout seconds, 4-15>
Sets the amount of time, in seconds, before a TACACS+ server authentication attempt is
considered to have failed. The default is 5 seconds.
usermap <0-15>
user|oper|admin|none
Maps a TACACS+ authorization level to a switch user level. Enter a TACACS+ authorization
level (0-15), followed by the corresponding switch user level.
bckdoor disable|enable
Enables or disables the TACACS+ back door for Telnet, SSH/SCP, or HTTP/HTTPS.
Enabling this feature allows you to bypass the TACACS+ servers. It is recommended that you
use Secure Backdoor to ensure the switch is secured, because Secure Backdoor disallows
access through the back door when the TACACS+ servers are responding.
The default setting is disabled.
To obtain the TACACS+ backdoor password for your switch, contact your Service and
Support line.