N8406-023 1Gb Intelligent L3 Switch Browser-based Interface Reference Guide
The following table describes Switch TACACS+ Configuration controls:
Table 89 Switch TACACS+ Configuration controls
| Control | Description |
|---|---|
| Primary Tacacs+ IP Address | Configures the primary TACACS+ server address. |
| Secondary Tacacs+ IP Address | Configures the secondary TACACS+ server address. |
| Tacacs+ port (1-65000) | Configures the TCP port number, between 1 and 65000. The default is 49. |
| Tacacs+ timeout (4-15) | Configures the amount of time, in seconds, before a TACACS+ server authentication attempt is considered to have failed. The default timeout is 5 seconds. |
| Tacacs+ retries (1-3) | Configures the number of failed authentication requests before switching to a different TACACS+ server. The default retry count is 3 requests. |
| Enable/Disable Tacacs+ Server | Enables or disables the Tacacs+ server. The default is disabled. |
| Enable/Disable Tacacs+ Backdoor for telnet | Enables or disables the Tacacs+ backdoor for telnet. The default is disabled. Telnet also applies to SSH/SCP connections. |
| Enable/Disable Tacacs+ Secure Backdoor for telnet | Enables or disables the TACACS+ back door using secure password for telnet/SSH/HTTP/HTTPS. The default is disabled. |
| Enable/Disable Tacacs+ new privilege level mapping | Enables or disables TACACS+ privilege-level mapping. The default value is disabled. |
| Tacacs+ Secret | Configures the shared secret (up to 32 characters) between the switch and the TACACS+ server. |
| Secondary Tacacs+ Server Secret | Configures the secondary shared secret (up to 32 characters) between the switch and the TACACS+ server. |
| Tacacs+ User Mappings Configuration | Maps a TACACS+ privilege level to a user level on this switch, as follows: Remote Privilege: enter a TACACS+ privilege level (0-15). Local Privilege: select the corresponding user level on this switch. |
IMPORTANT: If TACACS+ is enabled, you must log in using TACACS+ authentication when connecting via the console or Telnet/SSH/HTTP/HTTPS. Backdoor for console is always enabled, so you can connect using noradius and the administrator password even if the backdoor (Backdoor for telnet) or secure backdoor (Secure Backdoor for telnet) is disabled.

If Telnet backdoor is enabled, type in noradius as a backdoor to bypass TACACS+ checking, and use the administrator password to log into the switch. The switch allows this even if TACACS+ servers are available.

If secure backdoor is enabled, type in noradius as a backdoor to bypass TACACS+ checking, and use the administrator password to log into the switch. The switch allows this only if TACACS+ servers are not available.
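
The backdoor rules in the note above, modelled as an added Python example for configuration review (not code from the switch or its vendor): for a given combination of the three enable/disable controls it lists which management channels accept the noradius local login. Field and function names are hypothetical, and channel coverage follows only what this page states, so HTTP/HTTPS is counted for the secure backdoor only.

```python
from dataclasses import dataclass
from itertools import product

# Field names are hypothetical; they mirror the controls in Table 89.
@dataclass
class TacacsSettings:
    enabled: bool = False            # Enable/Disable Tacacs+ Server
    backdoor_telnet: bool = False    # Enable/Disable Tacacs+ Backdoor for telnet
    secure_backdoor: bool = False    # Enable/Disable Tacacs+ Secure Backdoor for telnet

# Channels each control is stated to cover on this page.
BACKDOOR_CHANNELS = {"telnet", "ssh", "scp"}
SECURE_BACKDOOR_CHANNELS = {"telnet", "ssh", "http", "https"}
ALL_CHANNELS = ("console", "telnet", "ssh", "scp", "http", "https")

def bypass_accepted(cfg, channel, servers_available):
    """True if a noradius + administrator password login skips TACACS+."""
    if not cfg.enabled:
        return False  # assumption: no TACACS+ check in force, nothing to bypass
    if channel == "console":
        return True   # console backdoor is always enabled
    if cfg.backdoor_telnet and channel in BACKDOOR_CHANNELS:
        return True   # accepted even while TACACS+ servers are available
    if cfg.secure_backdoor and channel in SECURE_BACKDOOR_CHANNELS:
        return not servers_available  # accepted only when servers are unavailable
    return False

def audit(cfg):
    """Return (channel, servers_available) pairs where the bypass is accepted."""
    return [(ch, up) for ch, up in product(ALL_CHANNELS, (True, False))
            if bypass_accepted(cfg, ch, up)]

def findings(cfg):
    """Summarise where central authentication can be skipped."""
    exposed = sorted({ch for ch, up in audit(cfg) if up and ch != "console"})
    out = []
    if exposed:
        out.append("HIGH: local admin login bypasses reachable TACACS+ on "
                   + ", ".join(exposed))
    if cfg.enabled and cfg.secure_backdoor:
        out.append("INFO: secure backdoor grants local admin login during a TACACS+ outage")
    if cfg.enabled:
        out.append("INFO: console always accepts local admin login")
    return out

if __name__ == "__main__":
    for line in findings(TacacsSettings(enabled=True, backdoor_telnet=True)):
        print(line)
```
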










