Administrator's Guide v4.1.1 Manual

TABLE 50  TACACS+ server parameters

Parameter        Description
host             IP address (IPv4 or IPv6) or domain/host name of the TACACS+ server. Host name
                 requires prior DNS configuration. The maximum supported length for the host
                 name is 40 characters.
port             The TCP port used to connect to the TACACS+ server for authentication. The port
                 range is 1 through 65535; the default port is 49.
protocol         The authentication protocol to be used. Options include CHAP and PAP. The
                 default protocol is CHAP.
key              The shared secret between the switch and the TACACS+ server. The default value
                 is "sharedsecret". The key cannot contain spaces and must be from 8 through 40
                 characters in length. Empty keys are not supported.
retries          The number of attempts permitted to connect to a TACACS+ server. The range is 0
                 through 100, and the default value is 5.
timeout          The maximum amount of time to wait for a server to respond. Options are from 1
                 through 60 seconds, and the default value is 5 seconds.
encryption-level Whether the encryption key should be stored in clear-text or in encrypted
                 format. Possible values are 0 and 7, where 0 stores the key in clear-text format
                 and 7 stores it in encrypted format. The default is 7 (encrypted).
NOTE
If you do not configure the key attribute, the authentication session will not be encrypted. The value of
key must match the value configured in the TACACS+ server configuration file; otherwise, the
communication between the server and the switch fails.
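As an added example (not code from the Network OS guide), the following Python checks a shared secret against the key constraints in Table 50 and shows why the key must match on both ends: TACACS+ obfuscates every packet body with a pseudo-pad derived from the shared secret (RFC 8907 section 4.5), so a switch and a server configured with different keys cannot decode each other's traffic. The session ID, version byte and sample body are constructed values.

```python
import hashlib
from typing import Tuple

# Constructed sample values (not from the guide): a session ID, the version
# byte for TACACS+ major version 0xC / minor version 0, and a fake body.
SESSION_ID = 0x1A2B3C4D
VERSION = 0xC0
SAMPLE_BODY = b"constructed authentication START body: user=admin"


def validate_key(key: str) -> Tuple[bool, str]:
    """Check a shared secret against the key constraints listed in Table 50."""
    if not key:
        return False, "empty keys are not supported"
    if " " in key:
        return False, "key cannot contain spaces"
    if not 8 <= len(key) <= 40:
        return False, "key must be 8 through 40 characters"
    return True, "ok"


def tacacs_pad(session_id: int, key: str, version: int, seq_no: int, length: int) -> bytes:
    """Pseudo-pad from RFC 8907 section 4.5: chained MD5 over session_id,
    key, version and seq_no, truncated to the body length."""
    prefix = session_id.to_bytes(4, "big") + key.encode() + bytes([version, seq_no])
    pad, last = b"", b""
    while len(pad) < length:
        last = hashlib.md5(prefix + last).digest()
        pad += last
    return pad[:length]


def obfuscate(body: bytes, session_id: int, key: str, seq_no: int = 1) -> bytes:
    """XOR the body with the pseudo-pad. The receiver recomputes the pad from
    the header fields and its own key, so the same call reverses it."""
    pad = tacacs_pad(session_id, key, VERSION, seq_no, len(body))
    return bytes(b ^ p for b, p in zip(body, pad))


def demo() -> dict:
    """Round-trip with matching keys, then with a mismatched key (the failure
    the NOTE above describes: the peer recovers garbage, not the body)."""
    on_wire = obfuscate(SAMPLE_BODY, SESSION_ID, "sharedsecret")
    return {
        "matching_key_ok": obfuscate(on_wire, SESSION_ID, "sharedsecret") == SAMPLE_BODY,
        "mismatched_key_ok": obfuscate(on_wire, SESSION_ID, "wrongsecret1") == SAMPLE_BODY,
    }
```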
Refer also to:
Adding a TACACS+ server to the client server list on page 287
Modifying the client-side TACACS+ server configuration on page 288
Configuring the client to use TACACS+ for login authentication on page 288
Configuring TACACS+ accounting on the client side on page 289
Adding a TACACS+ server to the client server list
You must configure the Domain Name System (DNS) server on the switch prior to adding the TACACS+
server with a domain name or a host name. Without the DNS server, name resolution of the TACACS+
server fails and therefore the add operation fails. Use the ip dns command to configure the DNS
server.
NOTE
When a list of servers is configured, failover from one server to another server happens only if a
TACACS+ server fails to respond; it does not happen when user authentication fails.
The following procedure adds a TACACS+ server host in IPv6 format.
Network OS Administrator’s Guide 287
53-1003225-04