Reference Guide

ManualsBrandsNEC ManualsSwitchN8406-022A

N8406-022A 1Gb Intelligent L2 Switch Browser-based Interface Reference Guide 79

The following table describes Switch TACACS+ Configuration controls:

Table 63 Switch TACACS+ Configuration controls

Control

Description

Primary Tacacs+ IP Address

Configures the primary TACACS+ server address.

Secondary Tacacs+ IP Address

Configures the secondary TACACS+ server address.

Tacacs+ port (1-65000)

Configures the number of the TCP port to be configured, between 1

and 65000. The default is 49.

Tacacs+ timeout (4-15)

Configures the amount of time, in seconds, before a TACACS+ server

authentication attempt is considered to have failed. The default timeout

is 5 seconds.

Tacacs+ retries (1-3)

Configures the number of failed authentication requests before

switching to a different TACACS+ server. The default retry count is 3

requests.

Enable/Disable Tacacs+ Server

Enables or disables the Tacacs+ server.

Enable/Disable Tacacs+ Backdoor for telnet

Enables or disables the Tacacs+ backdoor for telnet. Telnet also

applies to SSH/SCP connections.

Enable/Disable Tacacs+ new privilege level

mapping

Enables or disables TACACS+ privilege-level mapping.

The default value is disabled.

Tacacs+ Secret

Configures the shared secret (up to 32 characters) between the switch

and the TACACS+ server.

Secondary Tacacs+ Server Secret

Configures the secondary shared secret (up to 32 characters) between

the switch and the TACACS+ server.

Tacacs+ User Mappings Configuration

Maps a TACACS+ privilege level to this switch user level, as follows:

Remote Privilege

Enter a TACACS+ privilege level (0-15)

Local Privilege

Select the corresponding this switch user level.

IMPORTANT: If TACACS+ is enabled, you must login using TACACS+ authentication when connecting via

the console or Telnet/SSH/HTTP/HTTPS. Backdoor for console is always enabled, so you can connect using

noradius and the administrator password even if the backdoor (telnet) or secure backdoor (secbd) are

disabled.

If Telnet backdoor is enabled (telnet ena), type in noradius as a backdoor to bypass TACACS+

checking, and use the administrator password to log into the switch. The switch allows this even if TACACS+

servers are available.

If secure backdoor is enabled (secbd ena), type in noradius as a backdoor to bypass TACACS+ checking,

and use the administrator password to log into the switch. The switch allows this only if TACACS+ servers are

not available.