Technical data
BLADE OS 5.1 Application Guide
34
Chapter 1: Accessing the Switch BMD00136, November 2009
Configuring TACACS+ Authentication
1. Configure the Primary and Secondary TACACS+ servers, and enable TACACS+
   authentication.
      RS G8000 (config)# tacacs-server primary-host 10.10.1.1
      RS G8000 (config)# tacacs-server secondary-host 10.10.1.2
      RS G8000 (config)# tacacs-server enable
2. Configure the TACACS+ secret and second secret.
      RS G8000 (config)# tacacs-server primary-host 10.10.1.1 key <1-32 character secret>
      RS G8000 (config)# tacacs-server secondary-host 10.10.1.2 key <1-32 character secret>
3. If desired, you may change the default TCP port number used to listen to TACACS+.
   The well-known port for TACACS+ is 49.
      RS G8000 (config)# tacacs-server port <TCP port number>
4. Configure the number of retry attempts, and the timeout period.
      RS G8000 (config)# tacacs-server retransmit 3
      RS G8000 (config)# tacacs-server timeout 5
LDAP Authentication and Authorization
BLADE OS supports the LDAP (Lightweight Directory Access Protocol) method to authenticate
and authorize remote administrators to manage the switch. LDAP is based on a client/server model.
The switch acts as a client to the LDAP server. A remote user (the remote administrator) interacts
only with the switch, not the back-end server and database.
LDAP authentication consists of the following components:
- A protocol with a frame format that utilizes TCP over IP
- A centralized server that stores all the user authorization information
- A client, in this case, the switch
Each entry in the LDAP server is referenced by its Distinguished Name (DN). The DN consists of
the user-account name concatenated with the LDAP domain name. If the user-account name is
John, the following is an example DN:
uid=John,ou=people,dc=domain,dc=com
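The TACACS+ procedure above is four CLI steps whose values are easy to get wrong when the same configuration is pushed to many switches. The following Python helper is an added example, not part of the BLADE OS guide: it renders the command lines for the four steps in order and refuses to emit anything when a value is malformed (bad address, secret outside the 1-32 character range the commands accept, port out of range, primary and secondary pointing at the same host). The range checks on retransmit and timeout are this example's own assumptions; the page only shows the values 3 and 5.

```python
"""Render and sanity-check the BLADE OS TACACS+ configuration steps.

Added example, not code from the BLADE OS guide. The command syntax follows
the four steps on this page; the validation is this example's own and runs
before any command is emitted, so a bad value never reaches the switch.
"""
import ipaddress

TACACS_WELL_KNOWN_PORT = 49  # well-known TACACS+ port, as stated on the page


def tacacs_config(primary, secondary, secret, second_secret=None,
                  port=TACACS_WELL_KNOWN_PORT, retransmit=3, timeout=5):
    """Return the config-mode command lines for steps 1-4 as a list of strings.

    Raises ValueError on input the switch would reject or that makes the
    deployment pointless (for example an empty shared secret).
    """
    primary_ip = ipaddress.ip_address(primary)      # raises on malformed input
    secondary_ip = ipaddress.ip_address(secondary)
    if primary_ip == secondary_ip:
        raise ValueError("primary and secondary TACACS+ hosts must differ")

    # The second secret defaults to the first; both must fit the 1-32 char form.
    second_secret = secret if second_secret is None else second_secret
    for name, value in (("secret", secret), ("second secret", second_secret)):
        if not 1 <= len(value) <= 32:
            raise ValueError(f"{name} must be 1-32 characters, got {len(value)}")

    if not 1 <= port <= 65535:
        raise ValueError("TCP port must be 1-65535")
    # Assumption of this example: both counters are positive integers.
    if retransmit < 1 or timeout < 1:
        raise ValueError("retransmit and timeout must be positive")

    lines = [
        # Step 1: servers and enable
        f"tacacs-server primary-host {primary_ip}",
        f"tacacs-server secondary-host {secondary_ip}",
        "tacacs-server enable",
        # Step 2: shared secrets
        f"tacacs-server primary-host {primary_ip} key {secret}",
        f"tacacs-server secondary-host {secondary_ip} key {second_secret}",
    ]
    # Step 3: only emit the port command when it departs from the default
    if port != TACACS_WELL_KNOWN_PORT:
        lines.append(f"tacacs-server port {port}")
    # Step 4: retries and timeout
    lines.append(f"tacacs-server retransmit {retransmit}")
    lines.append(f"tacacs-server timeout {timeout}")
    return lines


if __name__ == "__main__":
    # Constructed sample values matching the page's addresses.
    for line in tacacs_config("10.10.1.1", "10.10.1.2", "constructed-secret"):
        print("RS G8000 (config)# " + line)
```

The generated lines are meant to be pasted in config mode in the order returned; the secret must of course match what is configured on the TACACS+ servers themselves.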
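The DN shown in the LDAP section is built by concatenating the user-account name with the domain. The following Python is an added example, not BLADE OS code: the switch performs this construction internally and its implementation is not on the page. The example shows what any such construction has to get right when the account name is untrusted input, namely RFC 4514 escaping, so that an account name containing a comma or other DN metacharacter still yields exactly one uid= component instead of altering the DN's structure. The ou=people container and the dc= split of the domain follow the page's example DN; the escaping rules are from RFC 4514 section 2.4.

```python
"""Build the LDAP Distinguished Name for a remote-administrator account in
the form the page gives: uid=John,ou=people,dc=domain,dc=com.

Added example, not BLADE OS code. Escaping follows RFC 4514 section 2.4.
"""

# Characters RFC 4514 requires to be escaped inside an attribute value.
_SPECIAL = set(',+"\\<>;')


def escape_dn_value(value: str) -> str:
    """Escape one attribute value for use inside a DN (RFC 4514 section 2.4)."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch in _SPECIAL:
            out.append("\\" + ch)
        elif ch == "\x00":
            out.append("\\00")
        elif ch == " " and (i == 0 or i == last):
            out.append("\\ ")           # leading or trailing space
        elif ch == "#" and i == 0:
            out.append("\\#")           # leading number sign
        else:
            out.append(ch)
    return "".join(out)


def domain_to_dc(domain: str) -> str:
    """'domain.com' -> 'dc=domain,dc=com' (each label escaped)."""
    labels = [lbl for lbl in domain.strip(".").split(".") if lbl]
    if not labels:
        raise ValueError("LDAP domain must contain at least one label")
    return ",".join("dc=" + escape_dn_value(lbl) for lbl in labels)


def user_dn(account: str, domain: str, people_ou: str = "people") -> str:
    """DN for a remote-administrator account, in the form shown on the page."""
    if not account:
        raise ValueError("empty account name")
    return (f"uid={escape_dn_value(account)},"
            f"ou={escape_dn_value(people_ou)},"
            f"{domain_to_dc(domain)}")


def dn_rdn_count(dn: str) -> int:
    """Count the RDNs in a DN, honouring backslash escapes.

    Used to confirm that an escaped account name still produces exactly one
    uid= component followed by ou= and the dc= components.
    """
    count, i = 1, 0
    while i < len(dn):
        if dn[i] == "\\":
            i += 2                      # skip the escaped character
            continue
        if dn[i] == ",":
            count += 1
        i += 1
    return count


if __name__ == "__main__":
    # Constructed inputs: the page's own example, then a name with a comma.
    print(user_dn("John", "domain.com"))
    print(user_dn("John,ou=admins", "domain.com"))
```

For the page's example, `user_dn("John", "domain.com")` yields `uid=John,ou=people,dc=domain,dc=com`; an account name containing a comma is escaped as `\,`, and `dn_rdn_count` still reports four RDNs for the result.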