Specifications
Chapter 4. Initial configuration: IBM System Networking 10Gb Ethernet switches 141
As shown in Example 4-45, configure the IPv4 addresses of the Primary and Secondary
TACACS+ servers, and enable TACACS authentication. Specify the interface port (optional).
Example 4-45 Primary and Secondary TACACS+ servers
RS8264(config)# tacacs-server primary-host 10.10.1.1
RS8264(config)# tacacs-server primary-host mgt-port
RS8264(config)# tacacs-server secondary-host 10.10.1.2
RS8264(config)# tacacs-server secondary-host data-port
RS8264(config)# tacacs-server enable
Configure the TACACS+ secret and second secret (Example 4-46). In our example, the
primary host is in IP 10.10.1.1 and the secondary in 10.10.1.2.
Example 4-46 TACACS+ secret
RS8264(config)# tacacs-server primary-host 10.10.1.1 key <1-32 character secret>
RS8264(config)# tacacs-server secondary-host 10.10.1.2 key <1-32 character secret>
You may change the default TCP port number used to listen to TACACS+ (Example 4-47).
The known port for TACACS+ is 49.
Example 4-47 TACACS+ TCP port
RS8264(config)# tacacs-server port <TCP port number>
Configure the number of retry attempts, and the timeout period (Example 4-48).
Example 4-48 TACACS+ retry and timeout
RS8264(config)# tacacs-server retransmit 3
RS8264(config)# tacacs-server timeout 5
LDAP
To configure the LDAP access, complete the steps in this section.
As shown in Example 4-49, turn LDAP authentication on, then configure the IPv4 addresses
of the Primary and SecondaryLDAP servers. Specify the interface port (optional). In our
example, the primary host is in IP 10.10.1.1 and the secondary in 10.10.1.2.
Example 4-49 LDAP configuration
>> # ldap-server enable
>> # ldap-server primary-host 10.10.1.1 mgt-port
>> # ldap-server secondary-host 10.10.1.2 data-port
Configure the domain name (Example 4-50).
Example 4-50 Domain name
>> # ldap-server domain <ou=people,dc=my-domain,dc=com>