Configuration Guide Manual

Brocade TurboIron 24X Series Configuration Guide 89
53-1003053-01
Configuring TACACS/TACACS+ security
TACACS/TACACS+ configuration considerations
You must deploy at least one TACACS/TACACS+ server in your network.
Devices support authentication using up to eight TACACS/TACACS+ servers. The device tries to
use the servers in the order you add them to the device configuration.
You can select only one primary authentication method for each type of access to a device (CLI
through Telnet, CLI Privileged EXEC and CONFIG levels). For example, you can select TACACS+
as the primary authentication method for Telnet CLI access, but you cannot also select RADIUS
authentication as a primary method for the same type of access. However, you can configure
backup authentication methods for each access type.
You can configure the device to authenticate using a TACACS or TACACS+ server, not both.
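The considerations above can be checked mechanically against a saved configuration. The following is an added example, not part of the Brocade guide: it assumes the `tacacs-server host` and `aaa authentication <access> default <methods>` command forms (not shown in this section), and the `audit` function and sample configuration are constructed for illustration.

```python
MAX_SERVERS = 8                      # limit stated in the guide
TACACS_METHODS = {"tacacs", "tacacs+"}

# Constructed sample configuration; addresses are documentation-range placeholders.
SAMPLE_CONFIG = """\
tacacs-server host 192.0.2.10
tacacs-server host 192.0.2.11
aaa authentication login default tacacs+ local
aaa authentication enable default tacacs+
"""


def audit(config_text):
    """Return (servers in the order the device tries them, list of findings)."""
    servers, lists, findings = [], {}, []
    for line in config_text.splitlines():
        words = line.split()
        if words[:2] == ["tacacs-server", "host"] and len(words) >= 3:
            servers.append(words[2])
        elif words[:2] == ["aaa", "authentication"] and words[3:4] == ["default"]:
            access, methods = words[2], words[4:]
            if access in lists:
                findings.append(f"{access}: more than one method list configured")
            lists[access] = methods

    if len(servers) > MAX_SERVERS:
        findings.append(f"{len(servers)} servers configured, limit is {MAX_SERVERS}")
    used = {m for methods in lists.values() for m in methods} & TACACS_METHODS
    if used == TACACS_METHODS:
        findings.append("method lists mix tacacs and tacacs+; use one, not both")
    if used and not servers:
        findings.append("TACACS method selected but no tacacs-server host defined")
    for access, methods in lists.items():
        # The first method is the primary; anything after it is a backup.
        if methods and methods[0] in TACACS_METHODS and len(methods) == 1:
            findings.append(f"{access}: {methods[0]} is primary with no backup method")
    return servers, findings


if __name__ == "__main__":
    order, problems = audit(SAMPLE_CONFIG)
    print("server try order:", order)
    for p in problems:
        print("finding:", p)
```

A TACACS+ primary method with no backup leaves that access type dependent on the servers being reachable, which is why the sample's `enable` list is reported.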
TACACS configuration procedure
Follow the procedure given below for TACACS configurations.
1. Identify TACACS servers. Refer to “Identifying the TACACS/TACACS+ servers” on page 90.
2. Set optional parameters. Refer to “Setting optional TACACS/TACACS+ parameters” on page 91.
3. Configure authentication-method lists. Refer to “Configuring authentication-method lists for
TACACS/TACACS+” on page 92.
TACACS+ configuration procedure
Follow the procedure given below for TACACS+ configurations.
1. Identify TACACS+ servers. Refer to “Identifying the TACACS/TACACS+ servers” on page 90.
2. Set optional parameters. Refer to “Setting optional TACACS/TACACS+ parameters” on page 91.
3. Configure authentication-method lists. Refer to “Configuring authentication-method lists for
TACACS/TACACS+” on page 92.
4. Optionally configure TACACS+ authorization. Refer to “Configuring TACACS+ authorization” on
page 94.
5. Optionally configure TACACS+ accounting. Refer to “Configuring TACACS+ accounting” on
page 97.
Enabling TACACS
TACACS is disabled by default. To configure TACACS/TACACS+ authentication parameters, you must
enable TACACS by entering the following command.
TurboIron(config)#enable snmp config-tacacs
Syntax: [no] enable snmp <config-radius | config-tacacs>
The <config-radius> parameter specifies the RADIUS configuration mode. RADIUS is disabled by
default.
The <config-tacacs> parameter specifies the TACACS configuration mode. TACACS is disabled by
default.