ServerIron ADX Administration Guide 41
53-1002434-01
Configuring access control
TACACS and TACACS+
You can secure CLI access to the switch or router by configuring the device to consult a Terminal
Access Controller Access Control System (TACACS) or TACACS+ server to authenticate user names
and passwords.
NOTE
TACACS or TACACS+ authentication is not supported for Web management or IronView access.
Setting TACACS or TACACS+ parameters
To identify a TACACS or TACACS+ server and set other TACACS or TACACS+ parameters for
authenticating access to the ServerIronADX, enter a command such as the following.
ServerIronADX(config)# tacacs-server host 209.157.22.99
Syntax: [no] tacacs-server host <ip-addr> | <server-name> [auth-port <number>]
Syntax: [no] tacacs-server [key <key-string>] [timeout <number>] [retransmit <number>]
[dead-time <number>]
The only required parameter is the IP address or host name of the server. To specify the server's
host name instead of its IP address, you must first identify a DNS server using the ip dns
server-address <ip-addr> command at the global CONFIG level.
The auth-port parameter specifies the UDP port number of the authentication port on the server.
The default port number is 49.
The key parameter specifies the value that the Brocade device sends to the server when trying to
authenticate user access. The TACACS or TACACS+ server uses the key to determine whether the
Brocade device has authority to request authentication from the server. The key can be from 1 – 16
characters in length.
The timeout parameter specifies how many seconds the Brocade device waits for a response from
the TACACS or TACACS+ server before either retrying the authentication request or determining that
the TACACS or TACACS+ server is unavailable and moving on to the next authentication method in
the authentication-method list. The timeout can be from 1 – 15 seconds. The default is 3 seconds.
The retransmit parameter specifies how many times the Brocade device will re-send an
authentication request when the TACACS or TACACS+ server does not respond. The retransmit
value can be from 1 – 5 times. The default is 3 times.
When the software allows multiple authentication servers, the dead-time parameter specifies how
long the Brocade device waits for the primary authentication server to reply before deciding the
server is dead and trying to authenticate using the next server. The dead-time value can be from 1
– 5 seconds. The default is 3 seconds.
Enabling command authorization and accounting at the console
To configure the device to perform command authorization and command accounting for
commands entered at the console, enter the following command.
ServerIronADX(config)# enable aaa console
Syntax: [no] enable aaa console
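The following Python check is an added example, not part of the Brocade guide. It reads commands in the form shown in this section and reports values outside the documented ranges, a host name used without ip dns server-address, a missing key, and a missing enable aaa console. The function names, the host tac2.example.net and the sample key are constructed; it assumes typed commands (not running-config output) and keys without spaces.

```python
import ipaddress
# Ranges from the parameter descriptions in this section. The auth-port bound
# is the generic port range, not a limit stated in the guide.
RANGES = {"timeout": (1, 15), "retransmit": (1, 5), "dead-time": (1, 5),
          "auth-port": (1, 65535)}

def is_ip(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False

def audit_tacacs(config_text):
    """Return a list of findings for the tacacs-server and console AAA commands."""
    lines = [l.split("# ", 1)[-1].strip()  # drop a CLI prompt if present
             for l in config_text.splitlines() if l.strip()]
    hosts, findings, key_set = [], [], False
    for line in lines:
        if not line.startswith("tacacs-server "):
            continue
        tokens = line.split()[1:]
        if len(tokens) % 2:  # every parameter is a keyword followed by a value
            findings.append(f"malformed line: {line}")
            continue
        for name, value in zip(tokens[0::2], tokens[1::2]):
            if name == "host":
                hosts.append(value)
            elif name == "key":
                key_set = True
                if not 1 <= len(value) <= 16:
                    findings.append("key length outside 1-16 characters")
            elif name in RANGES:
                low, high = RANGES[name]
                if not (value.isdigit() and low <= int(value) <= high):
                    findings.append(f"{name} {value} outside {low}-{high}")
            else:
                findings.append(f"unknown parameter: {name}")
    if not hosts:
        findings.append("no tacacs-server host configured")
    elif not key_set:
        findings.append("no key configured for the TACACS/TACACS+ server")
    has_dns = any(l.startswith("ip dns server-address ") for l in lines)
    if not has_dns and any(not is_ip(h) for h in hosts):
        findings.append("host name used without ip dns server-address")
    if "enable aaa console" not in lines:
        findings.append("enable aaa console missing")
    return findings

# Constructed sample input; only the first host line comes from the guide.
SAMPLE = """tacacs-server host 209.157.22.99
tacacs-server host tac2.example.net auth-port 49
tacacs-server key ThisKeyIsFarTooLongForTheDevice timeout 20 retransmit 3"""
```

Calling audit_tacacs(SAMPLE) returns four findings: the over-long key, the out-of-range timeout, the unresolved host name, and the missing console AAA command.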










