Reference Guide

790 | Security
www.dell.com | support.dell.com
Figure 44-5 demonstrates how to configure the access-class from a TACACS+ server. This causes the configured access-class on the VTY line to be ignored. If you have configured a deny10 ACL on the TACACS+ server, Dell Networking OS downloads it and applies it. If the user is found to be coming from the 10.0.0.0 subnet, Dell Networking OS also immediately closes the Telnet connection. Note that no matter where the user is coming from, they see the login prompt.
Figure 44-5.

Specify a TACACS+ server host
When configuring a TACACS+ server host, you can set different communication parameters, such as the key password.
To specify a TACACS+ server host and configure its communication parameters, use the following command in the CONFIGURATION mode:

Command Syntax: tacacs-server host {hostname | ip-address} [port port-number] [timeout seconds] [key key]
Command Mode: CONFIGURATION
Purpose: Enter the host name or IP address of the TACACS+ server host. Configure the optional communication parameters for the specific host:
  port port-number range: 0 to 65335. Enter a TCP port number. The default is 49.
  timeout seconds range: 0 to 1000. Default is 10 seconds.
  key key: Enter a string for the key. The key can be up to 42 characters long. This key must match a key configured on the TACACS+ server host. This parameter should be the last parameter configured.
If these optional parameters are not configured, the default global values are applied.

To specify multiple TACACS+ server hosts, configure the tacacs-server host command multiple times. If multiple TACACS+ server hosts are configured, Dell Networking OS attempts to connect with them in the order in which they were configured.
To view the TACACS+ configuration, use the show running-config tacacs+ command in the EXEC Privilege mode.
Dell(conf)#ip access-list standard deny10
Dell(conf-std-nacl)#permit 10.0.0.0/8
Dell(conf-std-nacl)#deny any
Dell(conf)#
Dell(conf)#aaa authentication login tacacsmethod tacacs+
Dell(conf)#aaa authorization exec tacauthor tacacs+
Dell(conf)#tacacs-server host 25.1.1.2 key dell
Dell(conf)#
Dell(conf)#line vty 0 9
Dell(config-line-vty)#login authentication tacacsmethod
Dell(config-line-vty)#authorization exec tacauthor
Dell(config-line-vty)#
Dell(config-line-vty)#access-class deny10
Dell(config-line-vty)#end
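
An added example, not part of the Dell guide: a small Python linter that checks a pasted configuration against the parameter limits in the command table, the rule that key is the last parameter, and whether every method list a VTY line references has been defined. The 16-character minimum key length, the sample configuration and the function names are assumptions of this example, and it assumes the plain "key key" form shown in the table.

```python
import re
PORT_RANGE, TIMEOUT_RANGE, MAX_KEY_LEN = (0, 65335), (0, 1000), 42  # limits from the table above
MIN_KEY_LEN = 16  # assumption: this example's own policy, not a Dell limit
PROMPT = re.compile(r"^\w+\([\w-]+\)#")
HOST = re.compile(r"^tacacs-server host (\S+)(.*)$")
DEFINE = re.compile(r"^aaa (?:authentication (login)|authorization (exec)) (\S+) ")
USE = re.compile(r"^(?:(login) authentication|authorization (exec)) (\S+)$")

def check_host(host, opts):
    # opts is the flat "keyword value ..." tail of one tacacs-server host line
    out, pairs = [], list(zip(opts[0::2], opts[1::2]))
    for i, (kw, val) in enumerate(pairs):
        if kw in ("port", "timeout"):
            lo, hi = PORT_RANGE if kw == "port" else TIMEOUT_RANGE
            if not (val.isdigit() and lo <= int(val) <= hi):
                out.append(f"{host}: {kw} {val} outside {lo}-{hi}")
        elif kw == "key":
            if i != len(pairs) - 1:
                out.append(f"{host}: key is not the last parameter")
            if not MIN_KEY_LEN <= len(val) <= MAX_KEY_LEN:
                out.append(f"{host}: key length {len(val)} outside {MIN_KEY_LEN}-{MAX_KEY_LEN}")
    return out

def lint(config_text):
    """Return (hosts in the order they will be tried, findings)."""
    hosts, findings, defined, used = [], [], set(), []
    for raw in config_text.splitlines():
        line = PROMPT.sub("", raw.strip()).strip()
        if m := HOST.match(line):
            hosts.append(m.group(1))
            findings += check_host(m.group(1), m.group(2).split())
        elif m := DEFINE.match(line):
            defined.add((m.group(1) or m.group(2), m.group(3)))
        elif m := USE.match(line):
            used.append((m.group(1) or m.group(2), m.group(3)))
    # Resolve references only after the whole configuration has been read.
    findings += [f"vty uses undefined {k} method list '{n}'"
                 for k, n in used if n != "default" and (k, n) not in defined]
    return hosts, findings

# Constructed sample in the page's prompt style, not taken from a real device.
SAMPLE = """\
Dell(conf)#aaa authentication login tacacsmethod tacacs+
Dell(conf)#aaa authorization exec tacacsauthorization tacacs+
Dell(conf)#tacacs-server host 192.0.2.10 key dell port 70000
Dell(conf)#tacacs-server host 192.0.2.11 timeout 5 key Xq7-constructed-sample-key
Dell(conf)#line vty 0 9
Dell(config-line-vty)#login authentication tacacsmethod
Dell(config-line-vty)#authorization exec tacauthor
"""
```

Calling lint(SAMPLE) returns the two hosts in the order Dell Networking OS would try them, plus four findings: three for the first host line and one for the undefined exec method list.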