Technical data

120 ServerIron ADX Administration Guide
53-1002434-01
Configuring TACACS or TACACS+ security
Configuring TACACS+ accounting for system events
You can configure TACACS+ accounting to record when system events occur on the ServerIron.
System events include reboots and changes to the active configuration.
The following command causes an Accounting Start packet to be sent to the TACACS+ accounting
server when a system event occurs, and an Accounting Stop packet to be sent when the system
event is completed.
ServerIronADX(config)# aaa accounting system default start-stop tacacs+
Syntax: aaa accounting system default start-stop radius | tacacs+ | none
Configuring an interface as the source for all TACACS or TACACS+ packets
You can designate the lowest-numbered IP address configured on an Ethernet port, POS port,
loopback interface, or virtual interface as the source IP address for all TACACS or TACACS+ packets
from the Layer 3 Switch. Identifying a single source IP address for TACACS or TACACS+ packets
provides the following benefits:
• If your TACACS or TACACS+ server is configured to accept packets only from specific links or IP
  addresses, you can use this feature to simplify configuration of the TACACS or TACACS+ server
  by configuring the ServerIron to always send the TACACS or TACACS+ packets from the same
  link or source address.
• If you specify a loopback interface as the single source for TACACS or TACACS+ packets,
  TACACS or TACACS+ servers can receive the packets regardless of the states of individual links.
  Thus, if a link to the TACACS or TACACS+ server becomes unavailable but the client or server
  can be reached through another link, the client or server still receives the packets, and the
  packets still have the source IP address of the loopback interface.
The software contains separate CLI commands for specifying the source interface for Telnet,
TACACS or TACACS+, and RADIUS packets. You can configure a source interface for one or more of
these types of packets.
To specify an Ethernet or POS port or a loopback or virtual interface as the source for all TACACS or
TACACS+ packets from the device, use the following CLI method. The software uses the
lowest-numbered IP address configured on the port or interface as the source IP address for
TACACS or TACACS+ packets originated by the device.
To specify the lowest-numbered IP address configured on a virtual interface as the device’s source
for all TACACS or TACACS+ packets, enter commands such as the following.
ServerIronADX(config)# interface ve 1
ServerIronADX(config-vif-1)# ip address 10.0.0.3/24
ServerIronADX(config-vif-1)# exit
ServerIronADX(config)# ip tacacs source-interface ve 1
The commands in this example configure virtual interface 1, assign IP address 10.0.0.3/24 to the
interface, then designate the interface as the source for all TACACS or TACACS+ packets from the
Layer 3 Switch.
Syntax: ip tacacs source-interface ethernet <portnum> | pos <portnum> | loopback <num> | ve <num>
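The following audit script is an added example, not part of the guide or of any vendor tooling. It parses a constructed running-config excerpt, works out which source IP address the TACACS+ server should expect (the lowest-numbered address on the source interface, as described above), and reports whether system-event accounting and a loopback source are configured. The stanza layout of the excerpt (indented lines, "!" separators, "interface loopback 1") and the function name audit_tacacs are assumptions.

```python
import ipaddress
import re

# Constructed running-config excerpt (not from a real device). The stanza
# layout (indented lines, "!" separators) is an assumption.
SAMPLE_CONFIG = """\
aaa accounting system default start-stop tacacs+
interface ve 1
 ip address 10.0.0.9/24
 ip address 10.0.0.3/24
!
interface loopback 1
 ip address 192.0.2.1/32
!
ip tacacs source-interface ve 1
"""

IFACE = r"(ethernet|pos|loopback|ve) (\S+)"

def audit_tacacs(config):
    """Return the TACACS+ source interface, the IP to allowlist, and findings."""
    addrs, current, source, accounting = {}, None, None, None
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.fullmatch("interface " + IFACE, line):
            current = f"{m[1]} {m[2]}"
            addrs.setdefault(current, [])
        elif line == "!":
            current = None
        elif current and (m := re.fullmatch(r"ip address (\S+)", line)):
            addrs[current].append(ipaddress.ip_interface(m[1]))
        elif m := re.fullmatch("ip tacacs source-interface " + IFACE, line):
            source = f"{m[1]} {m[2]}"
        elif m := re.fullmatch(r"aaa accounting system default start-stop (\S+)", line):
            accounting = m[1]
    findings = []
    if accounting != "tacacs+":
        findings.append("system-event accounting is not sent to TACACS+")
    if source is None:
        findings.append("no TACACS source interface is configured")
    elif not addrs.get(source):
        findings.append(f"source {source} has no IP address configured")
    elif not source.startswith("loopback"):
        findings.append(f"source {source} is not a loopback interface")
    # The device uses the lowest-numbered address on the source interface.
    src_ip = min((a.ip for a in addrs.get(source, [])), default=None)
    return {"source": source, "findings": findings,
            "allowlist_ip": str(src_ip) if src_ip else None}
```

The allowlist_ip value is the address to permit on the TACACS+ server when it accepts packets only from specific IP addresses.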