Technical data

ServerIron ADX Administration Guide 107
53-1002434-01
Configuring TACACS or TACACS+ security
TACACS or TACACS+ authentication, authorization, and accounting
When you configure a ServerIron to use a TACACS or TACACS+ server for authentication, the device
prompts users who are trying to access the CLI for a user name and password, then verifies the
password with the TACACS or TACACS+ server.
If you are using TACACS+, Brocade recommends that you also configure authorization, in which the
ServerIron consults a TACACS+ server to determine which management privilege level (and which
associated set of commands) an authenticated user is allowed to use. You can also optionally
configure accounting, which causes the ServerIron to log information on the TACACS+ server when
specified events occur on the device.
NOTE
By default, a user logging into the device through Telnet or SSH would first enter the User EXEC level.
The user can enter the enable command to get to the Privileged EXEC level.
A user that is successfully authenticated can be automatically placed at the Privileged EXEC level
after login. Refer to “Entering privileged EXEC mode after a Telnet or SSH login” on page 115.
TACACS authentication
When TACACS authentication takes place, the following events occur.
1. A user attempts to gain access to the ServerIron by doing one of the following:
   • Logging into the device using Telnet, SSH, or the Web Management Interface
   • Entering the Privileged EXEC level or CONFIG level of the CLI
2. The user is prompted for a username and password.
3. The user enters a username and password.
4. The ServerIron sends a request containing the username and password to the TACACS server.
5. The username and password are validated in the TACACS server’s database.
6. If the password is valid, the user is authenticated.
TACACS+ authentication
When TACACS+ authentication takes place, the following events occur.
1. A user attempts to gain access to the ServerIron by doing one of the following:
   • Logging into the device using Telnet, SSH, or the Web Management Interface
   • Entering the Privileged EXEC level or CONFIG level of the CLI
2. The user is prompted for a username.
3. The user enters a username.
4. The ServerIron obtains a password prompt from a TACACS+ server.
5. The user is prompted for a password.
6. The user enters a password.
7. The ServerIron sends the password to the TACACS+ server.
8. The password is validated in the TACACS+ server’s database.
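Steps 4 through 8 of the TACACS+ sequence above, as an added example that is not from the Brocade guide: a Python simulation of both sides of the exchange, assuming the ASCII login flow and packet layout of RFC 8907. The shared key, session ID, port, address and credentials are constructed values.

```python
import hashlib
import hmac
import struct

# Field values from RFC 8907; key, session id, port and address are constructed.
AUTHEN, LOGIN, ASCII = 0x01, 0x01, 0x01
PASS, FAIL, GETPASS, NOECHO = 0x01, 0x02, 0x05, 0x01
VERSION, KEY, SID = 0xC0, b"constructed-shared-key", 0x1234ABCD

def obfuscate(body, seq_no, key=KEY, sid=SID):
    """XOR the body with the MD5 pseudo-pad; applying it twice restores it."""
    seed = struct.pack("!I", sid) + key + bytes([VERSION, seq_no])
    pad = block = b""
    while len(pad) < len(body):
        block = hashlib.md5(seed + block).digest()  # each block chains the previous one
        pad += block
    return bytes(b ^ p for b, p in zip(body, pad))

def packet(seq_no, body):
    """12-byte header (flags 0 = body obfuscated) followed by the body."""
    header = struct.pack("!BBBBII", VERSION, AUTHEN, seq_no, 0, SID, len(body))
    return header + obfuscate(body, seq_no)

def body_of(pkt):
    """Recover the clear body of a packet using the header's seq_no and length."""
    _, _, seq_no, _, _, length = struct.unpack("!BBBBII", pkt[:12])
    return obfuscate(pkt[12:12 + length], seq_no)

def login(user, password, server_db):
    """Return (accepted, wire): the verdict and the four packets exchanged."""
    port, addr = b"tty1", b"192.0.2.10"
    # Step 4: the device sends START carrying the username and no password.
    start = packet(1, struct.pack("!8B", LOGIN, 1, ASCII, 1, len(user),
                                  len(port), len(addr), 0) + user + port + addr)
    # Steps 4-5: the server answers GETPASS with the prompt text to display.
    prompt = b"Password: "
    getpass = packet(2, struct.pack("!BBHH", GETPASS, NOECHO, len(prompt), 0) + prompt)
    # Steps 6-7: the device sends the typed password in CONTINUE.
    cont = packet(3, struct.pack("!HHB", len(password), 0, 0) + password)
    # Step 8: the server decodes both packets and checks its database.
    s = body_of(start)
    name = s[8:8 + s[4]]
    c = body_of(cont)
    typed = c[5:5 + struct.unpack("!H", c[:2])[0]]
    stored = server_db.get(name)
    ok = stored is not None and hmac.compare_digest(stored, typed)
    reply = packet(4, struct.pack("!BBHH", PASS if ok else FAIL, 0, 0, 0))
    return ok, [start, getpass, cont, reply]
```

The password appears only in the third packet, and the only thing covering it on the wire is the MD5 pad derived from the shared key, which RFC 8907 describes as obfuscation.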