Quick Reference Guide

884 PowerConnect B-Series TI24X Configuration Guide
53-1002269-02
Configuring TACACS/TACACS+ security
26
NOTE
The tacacs-server key command applies only to TACACS+ servers, not to TACACS servers. If you are
configuring TACACS, do not configure a key on the TACACS server and do not enter a key on the
device.
To specify a TACACS+ server key, enter a command such as the following.
PowerConnect(config)# tacacs-server key rkwong
Syntax: tacacs-server key [0 | 1] <string>
When you display the configuration of the device, the TACACS+ keys are encrypted. For example:
PowerConnect(config)# tacacs-server key 1 abc
PowerConnect(config)# write terminal
...
tacacs-server host 1.2.3.5 auth-port 49
tacacs key 1 $!2d
NOTE
Encryption of the TACACS+ keys is done by default. The 0 parameter disables encryption. The 1
parameter is not required; it is provided for backwards compatibility.
Setting the retransmission limit
The retransmit parameter specifies how many times the device will resend an authentication
request when the TACACS/TACACS+ server does not respond. The retransmit limit can be from 1 –
5 times. The default is 3 times.
To set the TACACS/TACACS+ retransmit limit, enter a command such as the following.
PowerConnect(config)# tacacs-server retransmit 5
Syntax: tacacs-server retransmit <number>
Setting the timeout parameter
The timeout parameter specifies how many seconds the device waits for a response from the
TACACS/TACACS+ server before either retrying the authentication request, or determining that the
TACACS/TACACS+ server is unavailable and moving on to the next authentication method in the
authentication-method list. The timeout can be from 1 – 15 seconds. The default is 3 seconds.
PowerConnect(config)# tacacs-server timeout 5
Syntax: tacacs-server timeout <number>
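The following is an added example, not part of the original guide or of any vendor tooling: a small offline check that reads saved configuration text and reports key lines that use the 0 parameter, plus retransmit and timeout values outside the ranges stated above. The function name audit_tacacs, the sample configuration, and the per-server wait formula (one initial request plus the configured resends) are assumptions made for illustration.

```python
import re

# Valid ranges and defaults as stated in the guide text above: (low, high, default).
LIMITS = {"retransmit": (1, 5, 3), "timeout": (1, 15, 3)}

def audit_tacacs(config_text):
    """Return (settings, findings) for the TACACS+ lines of a saved configuration."""
    settings = {name: default for name, (_, _, default) in LIMITS.items()}
    findings = []
    for raw in config_text.splitlines():
        line = raw.strip()
        # Key lines appear as "tacacs-server key" when entered and as
        # "tacacs key" in the displayed configuration shown on this page.
        m = re.match(r"tacacs(?:-server)? key(?: ([01]))? (\S+)$", line)
        if m:
            if m.group(1) == "0":
                findings.append("key line uses the 0 parameter (encryption disabled)")
            continue
        m = re.match(r"tacacs-server (retransmit|timeout) (\S+)$", line)
        if m:
            name, value = m.group(1), m.group(2)
            low, high, _ = LIMITS[name]
            if value.isdigit() and low <= int(value) <= high:
                settings[name] = int(value)
            else:
                # Out-of-range values are reported and the default is kept.
                findings.append(f"{name} {value} outside {low}-{high}")
    # Assumption: one initial request plus `retransmit` resends, each waiting
    # `timeout` seconds, before the device gives up on a server.
    settings["wait_per_server"] = settings["timeout"] * (1 + settings["retransmit"])
    return settings, findings

# Constructed sample configuration (not taken from a real device).
SAMPLE = """\
tacacs-server host 1.2.3.5 auth-port 49
tacacs-server key 0 examplekey
tacacs-server retransmit 5
tacacs-server timeout 20
"""

if __name__ == "__main__":
    result, problems = audit_tacacs(SAMPLE)
    print(result)
    for problem in problems:
        print("FINDING:", problem)
```

The wait_per_server value estimates how long a login can stall on an unresponsive server before the device moves on, which is worth checking when raising either parameter.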
Configuring authentication-method lists for TACACS/TACACS+
You can use TACACS/TACACS+ to authenticate Telnet/SSH access and access to Privileged EXEC
level and CONFIG levels of the CLI. When configuring TACACS/TACACS+ authentication, you create
authentication-method lists specifically for these access methods, specifying TACACS/TACACS+ as
the primary authentication method.
Within the authentication-method list, TACACS/TACACS+ is specified as the primary authentication
method and up to six backup authentication methods are specified as alternates. If
TACACS/TACACS+ authentication fails due to an error, the device tries the backup authentication
methods in the order they appear in the list.