Quick Reference Guide

882 PowerConnect B-Series TI24X Configuration Guide
53-1002269-02
Configuring TACACS/TACACS+ security
26
PowerConnect(config)# enable snmp config-tacacs
Syntax: [no] enable snmp <config-radius | config-tacacs>
The <config-radius> parameter specifies the RADIUS configuration mode. RADIUS is disabled by
default.
The <config-tacacs> parameter specifies the TACACS configuration mode. TACACS is disabled by
default.
Identifying the TACACS/TACACS+ servers
To use TACACS/TACACS+ servers to authenticate access to a device, you must identify the servers
to the device.
For example, to identify three TACACS/TACACS+ servers, enter commands such as the following.
PowerConnect(config)# tacacs-server host 207.94.6.161
PowerConnect(config)# tacacs-server host 207.94.6.191
PowerConnect(config)# tacacs-server host 207.94.6.122
Syntax: tacacs-server host <ip-addr> | <ipv6-addr> | <hostname> [auth-port <number>]
The <ip-addr>|<ipv6-addr>|<hostname> parameter specifies the IP address or host name of the
server. You can enter up to eight tacacs-server host commands to specify up to eight different
servers.
NOTE
To specify the server's host name instead of its IP address, you must first identify a DNS server using
the ip dns server-address <ip-addr> command at the global CONFIG level.
If you add multiple TACACS/TACACS+ authentication servers to the device, the device tries to reach
them in the order you add them. For example, if you add three servers in the following order, the
software tries the servers in the same order.
1. 207.94.6.161
2. 207.94.6.191
3. 207.94.6.122
You can remove a TACACS/TACACS+ server by entering no followed by the tacacs-server command.
For example, to remove 207.94.6.161, enter the following command.
PowerConnect(config)# no tacacs-server host 207.94.6.161
NOTE
If you erase a tacacs-server command (by entering "no" followed by the command), make sure you
also erase the aaa commands that specify TACACS/TACACS+ as an authentication method. (Refer
to "Configuring authentication-method lists for TACACS/TACACS+" on page 884.) Otherwise, when
you exit from the CONFIG mode or from a Telnet session, the system still treats TACACS/TACACS+
as enabled, and you will not be able to access the system.
The auth-port parameter specifies the UDP (for TACACS) or TCP (for TACACS+) port number of the
authentication port on the server. The default port number is 49.
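The following is an added example, not part of the guide or any vendor tooling: a Python check that reads a saved configuration, lists the TACACS/TACACS+ servers in the order the device tries them, and flags the lockout condition described in the NOTE above before a "no tacacs-server host" change is applied. The sample configuration, the host name tac1.example.net, the "aaa authentication" line syntax and the function names are assumptions.

```python
import ipaddress

# Constructed sample running-config, not from a real device. The "aaa
# authentication" syntax is an assumption; this page only says "the aaa commands".
SAMPLE_CONFIG = """\
aaa authentication login default tacacs+ local
aaa authentication enable default tacacs+
tacacs-server host 207.94.6.161
tacacs-server host tac1.example.net auth-port 4949
"""
DEFAULT_AUTH_PORT = 49  # default stated on this page

def is_hostname(value):
    """True when the host argument is a name, not an IPv4/IPv6 address."""
    try:
        ipaddress.ip_address(value)
        return False
    except ValueError:
        return True

def audit(config):
    """Return servers in the order the device tries them, plus findings."""
    servers, aaa_lines, has_dns = [], [], False
    for line in config.splitlines():
        words = line.split()
        if words[:2] == ["tacacs-server", "host"] and len(words) >= 3:
            port = DEFAULT_AUTH_PORT
            if "auth-port" in words[3:-1]:
                port = int(words[words.index("auth-port") + 1])
            servers.append((words[2], port))
        elif words[:1] == ["aaa"] and {"tacacs", "tacacs+"} & set(words):
            aaa_lines.append(line.strip())
        elif words[:2] == ["ip", "dns"] and "server-address" in words:
            has_dns = True
    findings = []
    if aaa_lines and not servers:
        # aaa still names TACACS/TACACS+ but no server is left to answer
        findings.append("lockout-risk")
    if not has_dns and any(is_hostname(h) for h, _ in servers):
        # a host name needs "ip dns server-address" configured first
        findings.append("hostname-without-dns")
    return {"servers": servers, "aaa": aaa_lines, "findings": findings}

def without_hosts(config, hosts):
    """Config as it would read after 'no tacacs-server host <h>' for each h."""
    def removed(line):
        w = line.split()
        return w[:2] == ["tacacs-server", "host"] and len(w) > 2 and w[2] in hosts
    return "\n".join(l for l in config.splitlines() if not removed(l))
```

Run audit() on the output of without_hosts() before entering the "no" commands on the device; a "lockout-risk" finding means the aaa commands must be removed in the same change.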