ServerIron ADX Administration Guide 113
53-1002434-01
Configuring TACACS or TACACS+ security
2
ServerIronADX(config)# tacacs-server key rkwong
Syntax: tacacs-server key [0 | 1] <string>
The key parameter in the tacacs-server command is used to encrypt TACACS+ packets before they
are sent over the network. The value for the key parameter on the ServerIron should match the one
configured on the TACACS+ server. The key can be from 1 – 32 characters in length and cannot
include any space characters.
When you display the configuration of the ServerIron, the TACACS+ keys are encrypted.
Example
ServerIronADX(config)# tacacs-server key 1 abc
ServerIronADX(config)# write terminal
...
tacacs-server host 1.2.3.5 auth-port 49
tacacs key 1 $!2d
NOTE
Encryption of the TACACS+ keys is done by default. The 0 parameter disables encryption. The 1
parameter is not required; it is provided for backwards compatibility.
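The packet encryption that the key parameter drives, as an added example that is not code from this guide or from the vendor: it assumes the ServerIron follows the TACACS+ specification (RFC 8907), where the packet body is XORed with an MD5-derived pad built from the session ID, the shared key, the version and the sequence number. The function names and the session values are constructed for illustration; the run shows that only a server holding the same key recovers the body.

```python
import hashlib
import struct

def pseudo_pad(session_id: int, key: bytes, version: int, seq_no: int, length: int) -> bytes:
    """Build the RFC 8907 pad: MD5_1 || MD5_2 || ... truncated to `length`."""
    seed = struct.pack("!I", session_id) + key + bytes([version, seq_no])
    pad, prev = b"", b""
    while len(pad) < length:
        # Each block hashes the seed plus the previous block (empty for MD5_1).
        prev = hashlib.md5(seed + prev).digest()
        pad += prev
    return pad[:length]

def obfuscate(body: bytes, session_id: int, key: bytes, version: int, seq_no: int) -> bytes:
    """XOR the body with the pad; the same call reverses the operation."""
    pad = pseudo_pad(session_id, key, version, seq_no, len(body))
    return bytes(b ^ p for b, p in zip(body, pad))

def check_key(key: str) -> bytes:
    """Apply the limits this guide states: 1 to 32 characters, no spaces."""
    if not 1 <= len(key) <= 32 or " " in key:
        raise ValueError("key must be 1-32 characters with no spaces")
    return key.encode("ascii")

# Constructed sample values (not from a real capture).
SESSION_ID, VERSION, SEQ_NO = 0x1A2B3C4D, 0xC0, 1
BODY = b"constructed-authen-start-body: user=admin"

def demo():
    """Return (wire bytes, body recovered with matching key, result with wrong key)."""
    device_key = check_key("abc")  # key string from the guide's example
    wire = obfuscate(BODY, SESSION_ID, device_key, VERSION, SEQ_NO)
    same = obfuscate(wire, SESSION_ID, check_key("abc"), VERSION, SEQ_NO)
    other = obfuscate(wire, SESSION_ID, check_key("abd"), VERSION, SEQ_NO)
    return wire, same, other

if __name__ == "__main__":
    wire, same, other = demo()
    print("on the wire :", wire.hex())
    print("matching key:", same)
    print("wrong key   :", other)
```

The pad depends only on the key and on header fields that travel in the clear, so the protection of the packet body rests entirely on the secrecy and strength of the configured key.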
Setting the retransmission limit
To set the TACACS or TACACS+ retransmit limit, enter a command such as the following.
ServerIronADX(config)# tacacs-server retransmit 5
Syntax: tacacs-server retransmit <number>
The retransmit parameter specifies how many times the ServerIron will resend an authentication
request when the TACACS or TACACS+ server does not respond. The retransmit limit can be from 0
– 5 times. The default is 3 times.
Setting the dead time parameter
To set the TACACS or TACACS+ dead-time value, enter a command such as the following.
ServerIronADX(config)# tacacs-server dead-time 5
Syntax: tacacs-server dead-time <number>
The dead-time parameter specifies how long the ServerIron waits for the primary authentication
server to reply before deciding the server is dead and trying to authenticate using the next server.
The dead-time value can be from 1 – 5 seconds. The default is 3 seconds.
Setting the timeout parameter
ServerIronADX(config)# tacacs-server timeout 5
Syntax: tacacs-server timeout <number>
The timeout parameter specifies how many seconds the ServerIron waits for a response from the
TACACS or TACACS+ server before either retrying the authentication request, or determining that
the TACACS or TACACS+ server is unavailable and moving on to the next authentication method in
the authentication-method list. The timeout can be from 1 – 15 seconds. The default is 3
seconds.