Technical data

ManualsBrandsBrocade Communications Systems ManualsHome Theater ServerServerIron ADX 12.4.00

121

122

123

124

125

126

127

128

129

130

110 ServerIron ADX Administration Guide

53-1002434-01

Configuring TACACS or TACACS+ security

AAA security for commands pasted into the running-config

If AAA security is enabled on the device, commands pasted into the running-config are subject to

the same AAA operations as if they were entered manually.

When you paste commands into the running-config, and AAA command authorization or accounting

is configured on the device, AAA operations are performed on the pasted commands. The AAA

operations are performed before the commands are actually added to the running-config. The

server performing the AAA operations should be reachable when you paste the commands into the

running-config file. If the device determines that a pasted command is invalid, AAA operations are

halted on the remaining commands. The remaining commands may not be executed if command

authorization is configured.

TACACS or TACACS+ configuration considerations

Consider the following:

• You must deploy at least one TACACS or TACACS+ server in your network.

• ServerIrons support authentication using up to eight TACACS or TACACS+ servers. The device

tries to use the servers in the order you add them to the device’s configuration.

• You can select only one primary authentication method for each type of access to a device (CLI

through Telnet, CLI Privileged EXEC and CONFIG levels). For example, you can select TACACS+

as the primary authentication method for Telnet CLI access, but you cannot also select RADIUS

authentication as a primary method for the same type of access. However, you can configure

backup authentication methods for each access type.

• You can configure the ServerIron to authenticate using a TACACS or TACACS+ server, not both.

TACACS configuration procedure

For TACACS configurations, use the following procedure.

1. Identify TACACS servers. Refer to “Identifying the TACACS or TACACS+ servers” on page 111.

2. Set optional parameters. Refer to “Setting optional TACACS or TACACS+ parameters” on

page 112.

3. Configure authentication-method lists. Refer to “Configuring authentication-method lists for

TACACS or TACACS+” on page 114.

TACACS+ configuration procedure

For TACACS+ configurations, use the following procedure.

User enters other commands Command authorization (TACACS+):

aaa authorization commands <privilege-level> default <method-list>

Command accounting (TACACS+):

aaa accounting commands <privilege-level> default start-stop

<method-list>

User action Applicable AAA operations