Users Guide

ManualsBrandsDell ManualsAccess PlatformsOS9

761

762

763

764

765

766

767

768

769

770

When configuring a TACACS+ server host, you can set different communication parameters, such as the key password.

Example of Specifying a TACACS+ Server Host

DellEMC(conf)#

DellEMC(conf)#aaa authentication login tacacsmethod tacacs+

DellEMC(conf)#aaa authentication exec tacacsauthorization tacacs+

DellEMC(conf)#tacacs-server host 25.1.1.2 key Force

DellEMC(conf)#

DellEMC(conf)#line vty 0 9

DellEMC(config-line-vty)#login authentication tacacsmethod

DellEMC(config-line-vty)#end

Specifying a TACACS+ Server Host

To specify a TACACS+ server host and configure its communication parameters, use the following command.

● Enter the host name or IP address of the TACACS+ server host.

CONFIGURATION mode

tacacs-server host {hostname | ip-address} [port port-number] [timeout seconds] [key key]

Configure the optional communication parameters for the specific host:

○ port port-number: the range is from 0 to 65535. Enter a TCP port number. The default is 49.

○ timeout seconds: the range is from 0 to 1000. Default is 10 seconds.

○ key key: enter a string for the key. The key can be up to 42 characters long. This key must match a key configured on

the TACACS+ server host. This parameter must be the last parameter you configure.

If you do not configure these optional parameters, the default global values are applied.

To specify multiple TACACS+ server hosts, configure the tacacs-server host command multiple times. If you configure

multiple TACACS+ server hosts, Dell EMC Networking OS attempts to connect with them in the order in which they were

configured.

To view the TACACS+ configuration, use the show running-config tacacs+ command in EXEC Privilege mode.

To delete a TACACS+ server host, use the no tacacs-server host {hostname | ip-address} command.

freebsd2# telnet 2200:2200:2200:2200:2200::2202

Trying 2200:2200:2200:2200:2200::2202...

Connected to 2200:2200:2200:2200:2200::2202.

Escape character is '^]'.

Password:

DellEMC#

Command Authorization

The AAA command authorization feature configures Dell EMC Networking OS to send each configuration command to a

TACACS server for authorization before it is added to the running configuration.

By default, the AAA authorization commands configure the system to check both EXEC mode and CONFIGURATION mode

commands. Use the no aaa authorization config-commands command to enable only EXEC mode command

checking.

If rejected by the AAA server, the command is not added to the running config, and a message displays:

04:07:48: %RPM0-P:CP %SEC-3-SEC_AUTHORIZATION_FAIL: Authorization failure Command

authorization failed for user (denyall) on vty0 ( 10.11.9.209 )

Certain TACACS+ servers do not authenticate the device if you use the aaa authorization commands level default

local tacacs+ command. To resolve the issue, use the aaa authorization commands level default tacacs+

local command.

762

Security