Cisco Nexus 5000 Series Switch CLI Software Configuration Guide (OL-16597-01, July 2009)

ManualsBrandsHP ManualsStorageCisco Nexus 5010 with FCoE Storage Services License Converged Network Switch

301

302

303

304

305

306

307

308

309

310

PurposeCommand or Action

(Optional)

Displays the TACACS+ server group configuration.

switch(config)# show tacacs-server

groups

Step 6

(Optional)

Copies the running configuration to the startup

configuration.

switch(config)# copy running-config

startup-config

Step 7

The following example shows how to configure a TACACS+ server group:

switch# configure terminal

switch(config)# aaa group server tacacs+ TacServer

switch(config-tacacs+)# server 10.10.2.2

switch(config-tacacs+)# deadtime 30

switch(config-tacacs+)# exit

switch(config)# show tacacs-server groups

switch(config)# copy running-config startup-config

Specifying a TACACS+ Server at Login

You can configure the switch to allow the user to specify which TACACS+ server to send the authenticate

request by enabling the directed-request option. By default, a Cisco Nexus 5000 Series switch forwards an

authentication request based on the default AAA authentication method. If you enable this option, the user

can log in as username@hostname , where hostname is the name of a configured RADIUS server.

User specified logins are only supported for Telnet sessions.Note

To specify a TACACS+ server at login, perform this task:

Procedure

PurposeCommand or Action

Enters configuration mode.switch# configure terminal

Step 1

Allows users to specify a TACACS+ server to send

the authentication request when logging in. The

default is disabled.

switch(config)# tacacs-server

directed-request

Step 2

Exits configuration mode.switch(config)# exit

Step 3

(Optional)

Displays the TACACS+ directed request

configuration.

switch# show tacacs-server

directed-request

Step 4

(Optional)

Copies the running configuration to the startup

configuration.

switch# copy running-config

startup-config

Step 5

Configuring the Global TACACS+ Timeout Interval

You can set a global timeout interval that the Cisco Nexus 5000 Series switch waits for responses from all

TACACS+ servers before declaring a timeout failure. The timeout interval determines how long the switch

waits for responses from TACACS+ servers before declaring a timeout failure.

Cisco Nexus 5000 Series Switch CLI Software Configuration Guide

262 OL-16597-01

About Configuring TACACS+

Specifying a TACACS+ Server at Login