Dell Force10 S55T S55 Configuration Guide FTOS 8.3.5.3 - Page 636
www.dell.com | support.dell.com

Figure 35-5 demonstrates how to configure the access-class from a TACACS+ server. This causes the configured access-class on the VTY line to be ignored. If you have configured a deny10 ACL on the TACACS+ server, FTOS downloads it and applies it. If the user is found to be coming from the 10.0.0.0 subnet, FTOS also immediately closes the Telnet connection. Note that no matter where the user is coming from, they see the login prompt.

Figure 35-5. Specify a TACACS+ server host

Force10#
Force10(conf)#
Force10(conf)#ip access-list standard deny10
Force10(conf-ext-nacl)#permit 10.0.0.0/8
Force10(conf-ext-nacl)#deny any
Force10(conf)#
Force10(conf)#aaa authentication login tacacsmethod tacacs+
Force10(conf)#aaa authentication exec tacacsauthorization tacacs+
Force10(conf)#tacacs-server host 25.1.1.2 key force10
Force10(conf)#
Force10(conf)#line vty 0 9
Force10(config-line-vty)#login authentication tacacsmethod
Force10(config-line-vty)#authorization exec tacauthor
Force10(config-line-vty)#
Force10(config-line-vty)#access-class deny10
Force10(config-line-vty)#end

When configuring a TACACS+ server host, you can set different communication parameters, such as the key password. To specify a TACACS+ server host and configure its communication parameters, use the following command in the CONFIGURATION mode:

Command Syntax: tacacs-server host {hostname | ip-address} [port port-number] [timeout seconds] [key key]
Command Mode: CONFIGURATION
Purpose: Enter the host name or IP address of the TACACS+ server host. Configure the optional communication parameters for the specific host:
• port port-number range: 0 to 65335. Enter a TCP port number. The default is 49.
• timeout seconds range: 0 to 1000. Default is 10 seconds.
• key key: Enter a string for the key. The key can be up to 42 characters long. This key must match a key configured on the TACACS+ server host. This parameter should be the last parameter configured.
If these optional parameters are not configured, the default global values are applied.

To specify multiple TACACS+ server hosts, configure the tacacs-server host command multiple times. If multiple TACACS+ server hosts are configured, FTOS attempts to connect with them in the order in which they were configured.

To view the TACACS+ configuration, use the show running-config tacacs+ command in the EXEC Privilege mode.

636 | Security
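The following Python script is an added example, not part of the Dell guide: it audits saved configuration text for tacacs-server host lines against the limits and ordering rules stated above. It assumes each line follows the command syntax shown on this page with the key as a single token; the function name, the finding strings and the two 192.0.2.x hosts in the sample are constructed for illustration.

```python
import re

# Defaults and limits as stated in the guide text above.
DEFAULT_PORT, DEFAULT_TIMEOUT = 49, 10
TIMEOUT_MAX, KEY_MAX = 1000, 42
DOC_EXAMPLE_KEY = "force10"  # key printed in Figure 35-5

# Constructed sample: the host line from Figure 35-5 plus two hypothetical
# hosts whose addresses and keys are invented for this example.
SAMPLE = """\
tacacs-server host 25.1.1.2 key force10
tacacs-server host 192.0.2.10 port 4949 timeout 2000 key second-key
tacacs-server host 192.0.2.11 key third-key timeout 5
line vty 0 9
"""

def audit_tacacs_hosts(config):
    """Return (hosts, findings). hosts keeps configuration order, which is
    the order in which FTOS attempts to connect."""
    hosts, findings = [], []
    for line in config.splitlines():
        m = re.match(r"\s*tacacs-server host (\S+)(.*)", line)
        if not m:
            continue
        name, tok = m.group(1), m.group(2).split()
        h = {"host": name, "port": DEFAULT_PORT,
             "timeout": DEFAULT_TIMEOUT, "key": None}
        i = 0
        while i < len(tok):
            kw = tok[i]
            val = tok[i + 1] if i + 1 < len(tok) else ""
            if kw in ("port", "timeout") and val.isdigit():
                h[kw] = int(val)
            elif kw == "key" and val:
                h["key"] = val
                if i + 2 < len(tok):  # something follows the key value
                    findings.append((name, "key is not the last parameter"))
                break
            else:
                findings.append((name, "unrecognised parameter " + kw))
                break
            i += 2
        if not 0 <= h["timeout"] <= TIMEOUT_MAX:
            findings.append((name, "timeout outside 0-1000"))
        if h["key"] is None:
            findings.append((name, "no host key, global value applies"))
        elif len(h["key"]) > KEY_MAX:
            findings.append((name, "key longer than 42 characters"))
        elif h["key"] == DOC_EXAMPLE_KEY:
            findings.append((name, "key is the guide's example value"))
        hosts.append(h)
    return hosts, findings
```

Calling audit_tacacs_hosts(SAMPLE) returns the three hosts in failover order with defaults filled in, plus one finding per host: the guide's example key left in place, a timeout above 1000, and a key that is not the last parameter.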