Configuration manual
Figure 46-5 demonstrates how to configure the access-class from a TACACS+ server. This causes the
configured access-class on the VTY line to be ignored. If you have configured a deny10 ACL on the
TACACS+ server, FTOS downloads it and applies it. If the user is found to be coming from the 10.0.0.0
subnet, FTOS also immediately closes the Telnet connection. Note that no matter where the user is coming
from, they see the login prompt.
Figure 46-5. Specify a TACACS+ server host
When configuring a TACACS+ server host, you can set different communication parameters, such as the
key password.
To specify a TACACS+ server host and configure its communication parameters, use the following
command in the CONFIGURATION mode:

Command Syntax: tacacs-server host {hostname | ipv4-address | ipv6-address} [port port-number] [timeout seconds] [key key]
Command Mode: CONFIGURATION
Purpose: Enter the host name or IP address of the TACACS+ server host. Configure the optional
communication parameters for the specific host:
• port port-number range: 0 to 65335. Enter a TCP port number. The default is 49.
• timeout seconds range: 0 to 1000. Default is 10 seconds.
• key key: Enter a string for the key. The key can be up to 42 characters long. This key must match a
key configured on the TACACS+ server host. This parameter should be the last parameter configured.
If these optional parameters are not configured, the default global values are applied.

To specify multiple TACACS+ server hosts, configure the tacacs-server host command multiple times. If
multiple TACACS+ server hosts are configured, FTOS attempts to connect with them in the order in which
they were configured.
To view the TACACS+ configuration, use the show running-config tacacs+ command in the EXEC
Privilege mode.
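The following Python example is added here and is not part of the Dell manual or FTOS. It checks tacacs-server host lines (for instance, pasted from show running-config tacacs+ output) against the defaults and limits in the command table above and returns the hosts in the order FTOS would try them. The function name audit_tacacs_hosts and the sample lines are assumptions constructed for illustration.

```python
import re

# Defaults and limits as printed in the command table above.
DEFAULTS = {"port": 49, "timeout": 10}
RANGES = {"port": (0, 65335), "timeout": (0, 1000)}
MAX_KEY_LEN = 42
# Matches the command at line start or right after a CLI prompt ending in '#'.
HOST_RE = re.compile(r"(?:^|#)\s*tacacs-server host\s+(\S+)(.*)$")

def audit_tacacs_hosts(config_text):
    """Return (hosts in the order FTOS would try them, list of findings)."""
    hosts, findings = [], []
    for line in config_text.splitlines():
        m = HOST_RE.search(line)
        if not m:
            continue
        host = {"host": m.group(1), "key": None, **DEFAULTS}
        opts = m.group(2).split()
        for i in range(0, len(opts), 2):
            name, value = opts[i], (opts[i + 1] if i + 1 < len(opts) else None)
            if name not in ("port", "timeout", "key") or value is None:
                findings.append(f"{host['host']}: cannot parse '{' '.join(opts[i:])}'")
                break
            if name == "key":
                host["key"] = value
                if len(value) > MAX_KEY_LEN:
                    findings.append(f"{host['host']}: key longer than {MAX_KEY_LEN} characters")
                if i + 2 < len(opts):
                    findings.append(f"{host['host']}: key is not the last parameter")
            else:
                low, high = RANGES[name]
                if value.isdigit() and low <= int(value) <= high:
                    host[name] = int(value)
                else:
                    findings.append(f"{host['host']}: {name} {value} outside {low}-{high}")
        if host["key"] is None:
            findings.append(f"{host['host']}: no per-host key, global default applies")
        hosts.append(host)
    return hosts, findings

# Constructed sample input; the first line mirrors the host line in Figure 46-5.
SAMPLE = """\
Force10(conf)#tacacs-server host 25.1.1.2 key force10
tacacs-server host 10.1.1.5 port 4949 timeout 5
tacacs-server host tac3.example.net key k3y timeout 2000
"""

if __name__ == "__main__":
    hosts, findings = audit_tacacs_hosts(SAMPLE)
    for h in hosts:
        print(h["host"], h["port"], h["timeout"], "key set" if h["key"] else "no key")
    print("\n".join(findings))
```

The report prints only whether a key is set, so the shared secret does not end up in audit output.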
Force10#
Force10(conf)#
Force10(conf)#ip access-list standard deny10
Force10(conf-ext-nacl)#permit 10.0.0.0/8
Force10(conf-ext-nacl)#deny any
Force10(conf)#
Force10(conf)#aaa authentication login tacacsmethod tacacs+
Force10(conf)#aaa authentication exec tacacsauthorization tacacs+
Force10(conf)#tacacs-server host 25.1.1.2 key force10
Force10(conf)#
Force10(conf)#line vty 0 9
Force10(config-line-vty)#login authentication tacacsmethod
Force10(config-line-vty)#authorization exec tacauthor
Force10(config-line-vty)#
Force10(config-line-vty)#access-class deny10
Force10(config-line-vty)#end