Dell Brocade G620 Brocade 8.0.1 Fabric OS Administratiors Guide - Page 180
TACACS+ service, TACACS+ configuration overview, Configuring the TACACS+ server on Linux
![]() |
View all Dell Brocade G620 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 180 highlights
Managing User Accounts TACACS+ service Fabric OS can authenticate users with a remote server using the Terminal Access Controller Access-Control System Plus (TACACS+) protocol. TACACS+ is a protocol used in AAA server environments consisting of a centralized authentication server and multiple Network Access Servers or clients. Once configured to use TACACS+, a Brocade switch becomes a Network Access Server (NAS). The following authentication protocols are supported by the TACACS+ server for user authentication: ∙ Password Authentication Protocol (PAP) ∙ Challenge Handshake Authentication Protocol (CHAP) TACACS+ is not a FIPS-supported protocol, so you cannot configure TACACS+ in FIPS mode. To enable FIPS, any TACACS+ configuration must be removed. The TACACS+ server can be a Microsoft Windows server or a Linux server. For Linux servers, use TACACS+ 4.0.4 or later from Cisco. For Microsoft Windows servers, use any TACACS+ freeware that uses TACACS+ protocol v1.78 or later. TACACS+ configuration overview Configuration is required on both the TACACS+ server and the Brocade switch. On the TACACS+ server, you should assign a role for each user and, provide lists of Virtual Fabrics to which the user should have access. For details, refer to The tac_plus.cfg file on page 180. On the Brocade switch, use the aaaConfig command to configure the switch to use TACACS+ for authentication. The aaaConfig command also allows you to specify up to five TACACS+ servers. When a list of servers is configured, failover from one server to another server happens only if a TACACS+ server fails to respond. It does not happen when user authentication fails. Failover to another TACACS+ server is achieved by means of a timeout. You can configure a timeout value for each TACACS+ server, so that the next server can be used in case the first server is unreachable. The default timeout value is 5 seconds. Retry, the number of attempts to authenticate with a TACAS+ server, is also allowed. The default value is 5 attempts. If authentication is rejected or times out, Fabric OS will try again. The retry value can also be customized for each user. Refer to Remote authentication configuration on the switch on page 182 for details about configuring the Brocade switch for authenticating users with a TACACS+ server. Configuring the TACACS+ server on Linux Fabric OS software supports TACACS+ authentication on a Linux server running the Open Source TACACS+ LINUX package v4.0.4 from Cisco. To install and configure this software, perform the following steps. 1. Download the TACACS+ software from http://www.cisco.com and install it. 2. Configure the TACACS+ server by editing the tac_plus.cfg file. Refer to The tac_plus.cfg file on page 180 for details. 3. Run the tac_plus daemon to start and enable the TACACS+ service on the server. switch:admin> tac_plus -d 16 /usr/local/etc/mavis/sample/tac_plus.cfg The tac_plus.cfg file The TACACS+ server is configured in the tac_plus.cfg file. Open the file by using the editor of your choice and customize the file as needed. You must add users into this file and provide some attributes specific to the Brocade implementation. Table 28 lists and defines attributes specific to Brocade. Brocade Fabric OS Administration Guide, 8.0.1 180 53-1004111-02
![](/manual_guide/products/dell-brocade-g620-brocade-801-fabric-os-administratiors-guide-fdaf46d/180.png)