Quick Reference Guide
136 | Providing User Access Security
www.dell.com | support.dell.com
TACACS would generally not be the last method specified, in order to avoid a situation where the final authentication option depends on a server that might be offline. Generally, you would specify local as the final method. For example, in the command string “authentication login listone tacacs local”, “listone” is the name given to the method list, followed by the selected sequence of authentication methods—“tacacs” and then “local”. For details on setting local passwords, see Creating a User and Password on page 36.
TACACS+ includes a group of configurable settings that you can also leave in their default settings. You can configure some global settings (for all TACACS+ servers), or you can configure settings at the individual server level. See the Security chapter in the FTOS Command Line Interface Reference for details on global settings. See the following section, Configuring TACACS+ Server Connection Options on page 137, for more on configuring one host.
To specify the IP address of the TACACS host, use the tacacs-server host command in the Global Config mode, as shown here. In this example, the user then changes the local timeout to 5 seconds:
Figure 9-97. Setting the IP Address of a TACACS+ Server
Force10#config
Force10 (Config)#tacacs-server host 1.1.1.1
Force10 (Tacacs)#timeout 5
Force10 (Tacacs)#exit
Force10 (Config)#

Figure 9-98. Display Settings for TACACS+ Server Connections
Force10 #show tacacs
Global Timeout: 5
IP address      Port  Timeout Priority
--------------- ----- ------- --------
10.10.10.226    49    Global  0
10.16.1.58      49    Global  0

Figure 9-99 shows the creation of three user authentication method lists, each one with a different priority sequence. The list called “one” sets TACACS+ as the second authentication method; list “two” defaults to local authentication; list “three” sets TACACS+ as the first method.

Figure 9-99. Setting the Authentication Method with the authentication login Command
Force10_S50 (Config)#authentication login one local tacacs
Force10_S50 (Config)#authentication login two
Force10_S50 (Config)#authentication login three tacacs reject

Step  Command Syntax       Command Mode     Purpose
4     show tacacs          Privileged Exec  Verify the configuration and status of TACACS servers (See Figure 9-98).
5     show authentication  Privileged Exec  Display the ordered authentication methods for all authentication login lists.
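
As an added example (not from the Dell guide), the Python sketch below audits "authentication login" lines against the guidance above that local, not TACACS+, should be the final method. The sample lines are copied from Figure 9-99 and the "listone" command string; treating an empty method list as local follows the description of list "two", and the function names and finding wording are this example's own.

```python
import re

# Matches the command with or without a CLI prompt in front of it.
CMD = re.compile(r"authentication\s+login\s+(\S+)((?:\s+\S+)*)\s*$")


def parse_method_lists(config_text):
    """Return {list_name: [methods in order]} for each 'authentication login' line."""
    lists = {}
    for line in config_text.splitlines():
        m = CMD.search(line)
        if not m:
            continue
        # Per the page, a list given no methods (list "two") defaults to local.
        lists[m.group(1)] = m.group(2).split() or ["local"]
    return lists


def audit(config_text):
    """Return {list_name: finding} for lists whose final method is not local."""
    findings = {}
    for name, methods in parse_method_lists(config_text).items():
        last = methods[-1]
        if last == "local":
            continue
        if last == "tacacs":
            # The case the page warns about: the last option needs a live server.
            findings[name] = "final method depends on a TACACS+ server being reachable"
        else:
            # Assumption: any other final keyword is reported, not interpreted.
            findings[name] = f"final method is '{last}', no local fallback"
    return findings


# Command lines taken from the page (Figure 9-99 and the "listone" example).
SAMPLE = """\
Force10_S50 (Config)#authentication login one local tacacs
Force10_S50 (Config)#authentication login two
Force10_S50 (Config)#authentication login three tacacs reject
Force10_S50 (Config)#authentication login listone tacacs local
"""

if __name__ == "__main__":
    results = audit(SAMPLE)
    for name, methods in parse_method_lists(SAMPLE).items():
        print(f"{name}: {' -> '.join(methods)} | {results.get(name, 'ok')}")
```

Run against a saved copy of the configuration, this gives a quick review list of method lists to compare with the output of show authentication.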