Administrators Guide (Supporting Fabric OS v7.3.0) User Manual

provide lists of Admin Domains or Virtual Fabrics to which the user should have access. For details,
refer to The tac_plus.cfg file on page 167.
On the Brocade switch, use the aaaConfig command to configure the switch to use TACACS+ for
authentication. The aaaConfig command also allows you to specify up to five TACACS+ servers. When
a list of servers is configured, failover from one server to another server happens only if a TACACS+
server fails to respond. It does not happen when user authentication fails.
Failover to another TACACS+ server is achieved by means of a timeout. You can configure a timeout
value for each TACACS+ server, so that the next server can be used in case the first server is
unreachable. The default timeout value is 5 seconds.
You can also configure a retry value, which is the number of attempts to authenticate with a
TACACS+ server. The default value is 5 attempts. If authentication is rejected or times out,
Fabric OS will try again. The retry value can also be customized for each user.
Refer to Remote authentication configuration on the switch on page 169 for details about configuring
the Brocade switch for authenticating users with a TACACS+ server.
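The failover and retry rules above, modelled as an added Python example (not taken from the Brocade manual or from Fabric OS code). The Server class, the simulated responses, and the rule that any reply makes a server's verdict final are assumptions made for illustration; the defaults of 5 seconds, 5 attempts, and five servers come from the text.

```python
# Added illustration: a model of the failover and retry rules described above.
# Server behaviour is simulated; no TACACS+ packets are sent.
from dataclasses import dataclass

ACCEPT, REJECT, TIMEOUT = "accept", "reject", "timeout"
MAX_SERVERS = 5  # aaaConfig accepts up to five TACACS+ servers


@dataclass
class Server:
    name: str
    responses: list      # constructed per-attempt outcomes; the last one repeats
    timeout_s: int = 5   # documented default timeout
    retries: int = 5     # documented default number of attempts


def authenticate(servers):
    """Return (result, deciding_server, seconds_spent_waiting_on_timeouts)."""
    if not 1 <= len(servers) <= MAX_SERVERS:
        raise ValueError("configure between one and five servers")
    waited = 0
    for srv in servers:
        answered = False
        for attempt in range(srv.retries):
            outcome = srv.responses[min(attempt, len(srv.responses) - 1)]
            if outcome == ACCEPT:
                return ACCEPT, srv.name, waited
            if outcome == TIMEOUT:
                waited += srv.timeout_s
            else:
                answered = True  # a reject is retried, but never triggers failover
        if answered:
            # Assumption: any reply from a server makes its verdict final.
            return REJECT, srv.name, waited
        # Every attempt timed out: the server is unreachable, so fail over.
    return TIMEOUT, None, waited


def worst_case_delay(servers):
    """Upper bound on login delay when every configured server is unreachable."""
    return sum(s.timeout_s * s.retries for s in servers)
```

Under this model, a primary server that rejects a login is never overridden by a later server in the list, and five unreachable servers at default values can hold a login for up to 125 seconds.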
Configuring the TACACS+ server on Linux
Fabric OS software supports TACACS+ authentication on a Linux server running the Open Source
TACACS+ LINUX package v4.0.4 from Cisco. To install and configure this software, perform the
following steps.
1. Download the TACACS+ software from http://www.cisco.com and install it.
2. Configure the TACACS+ server by editing the tac_plus.cfg file.
Refer to The tac_plus.cfg file on page 167 for details.
3. Run the tac_plus daemon to start and enable the TACACS+ service on the server.
switch:admin> tac_plus -d 16 /usr/local/etc/mavis/sample/tac_plus.cfg
The tac_plus.cfg file
The TACACS+ server is configured in the tac_plus.cfg file. Open the file by using the editor of your
choice and customize the file as needed.
You must add users into this file and provide some attributes specific to the Brocade implementation.
Table 27 lists and defines attributes specific to Brocade.
TABLE 27 Brocade custom TACACS+ attributes
Attribute                 Purpose
brcd-role                 Role assigned to the user account
brcd-AV-Pair1             The Admin Domain or Virtual Fabric member list, and chassis role
brcd-AV-Pair2             The Admin Domain or Virtual Fabric member list, and chassis role
brcd-passwd-expiryDate    The date on which the password expires
brcd-passwd-warnPeriod    The time before expiration for the user to receive a warning message
Fabric OS Administrators Guide 167
53-1003130-01