User's Manual

The tacacs-server command can also be used to configure the following:
Use the single-connection keyword to specify a single connection. This allows the server program to handle more TACACS+ operations and is more efficient. The multi-connection keyword specifies multiple TCP connections.
Use the port parameter to specify the TCP port number used by the TACACS+ server program. The default port number is 49.
Use the timeout parameter to specify the upper limit (in seconds) of the time the switch waits for a response from the server.
Use the key parameter to specify the secret key used to encrypt and decrypt messages.
Note:
When a host is specified with tacacs-server, the timeout value given with the timeout parameter overrides the global timeout value configured by the command tacacs-server timeout. Likewise, the encrypted secret key given with tacacs-server for that host overrides the default secret key configured by the global configuration command tacacs-server key. This command can therefore be used to configure a unique TACACS+ connection for each server, which enhances network security.
10.4.2 Setting up TACACS+ Encrypted Secret Key
To set the encrypted secret key for TACACS+ messages, use the following command in global configuration mode:

Command                        Purpose
tacacs-server key keystring    Sets the encrypted secret key, which must match the encrypted secret key used by the TACACS+ server.
Note:
For encryption to succeed, the same secret key must also be configured in the TACACS+ server program.
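An added example, not taken from the manual or the switch's software: how the shared key is applied to a TACACS+ packet body as defined in RFC 8907 section 4.5 (an MD5-derived pad XORed over the body), and what a server sees when its key differs from the switch's. The session ID, key strings, user name, port and address are constructed sample values.

```python
import hashlib
import struct

def pseudo_pad(session_id, key, version, seq_no, length):
    """MD5-chained pad from RFC 8907 section 4.5, truncated to the body length."""
    seed = struct.pack("!I", session_id) + key + bytes([version, seq_no])
    pad, block = b"", b""
    while len(pad) < length:
        block = hashlib.md5(seed + block).digest()  # each block covers the previous one
        pad += block
    return pad[:length]

def obfuscate(body, session_id, key, version=0xC0, seq_no=1):
    """XOR the body with the pad; applying it again with the same key restores it."""
    pad = pseudo_pad(session_id, key, version, seq_no, len(body))
    return bytes(b ^ p for b, p in zip(body, pad))

def authen_start(user, port, rem_addr):
    """Authentication START body: action=LOGIN, priv_lvl=1, type=ASCII, service=LOGIN."""
    fixed = bytes([1, 1, 1, 1, len(user), len(port), len(rem_addr), 0])
    return fixed + user + port + rem_addr

def lengths_consistent(body):
    """The receiver can only check that the declared field lengths add up."""
    return len(body) >= 8 and 8 + sum(body[4:8]) == len(body)

# Constructed sample values, not taken from the manual.
SESSION_ID = 0x1A2B3C4D
SWITCH_KEY = b"example-shared-key"
BODY = authen_start(b"admin", b"tty0", b"192.0.2.10")

def server_view(server_key):
    """Return (decoded body, parses cleanly?) as seen by a server using server_key."""
    wire = obfuscate(BODY, SESSION_ID, SWITCH_KEY)      # what the switch sends
    decoded = obfuscate(wire, SESSION_ID, server_key)   # what the server recovers
    return decoded, lengths_consistent(decoded)

if __name__ == "__main__":
    for k in (SWITCH_KEY, b"different-key"):
        decoded, ok = server_view(k)
        print(k.decode(), "->", "accepted" if ok else "rejected: body does not parse")
```

The mechanism carries no integrity check, so a key mismatch shows up only as a body whose length fields do not add up, which is why it typically surfaces as a parse or authentication failure rather than an explicit "wrong key" message.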
10.4.3 Assigning to Use TACACS+ for Authentication
After the TACACS+ server has been identified and its encrypted secret key defined, a method table must be defined for TACACS+ authentication. Because TACACS+ authentication is performed through AAA, use the aaa authentication command to specify TACACS+ as the authentication method. For more information, refer to “Authentication Configuration”.
10.4.4 Assigning to Use TACACS+ for Authorization
AAA authorization lets you set parameters that restrict a user's network access. TACACS+ authorization can be applied to services such as commands, network connections and EXEC sessions. Because TACACS+ authorization is performed through AAA, use the aaa authorization command to specify TACACS+ as the authorization method. For more information, refer to “Authorization Configuration”.
10.4.5 Assigning to Use TACACS+ for Accounting
AAA accounting tracks the services a user is currently using and the amount of network resources they consume. Because TACACS+ accounting is performed through AAA, use the aaa accounting command to specify TACACS+ as the accounting method. For more information, refer to “Accounting Configuration”.