Home » Dell Manuals » Hubs & Switches » Dell PowerConnect B-RX » Manual Viewer

Dell PowerConnect B-RX BigIron RX Series Configuration Guide v02.8.00 - Page 163

Enabling SNMP to con TACACS and TACACS, TACACS configuration procedure

View all Dell PowerConnect B-RX manuals

Add to My Manuals
Save this manual to your list of manuals

Page 163 highlights

Configuring TACACS and TACACS+ security 4 • You can select only one primary authentication method for each type of access to a device (CLI through Telnet, CLI Privileged EXEC and CONFIG levels). For example, you can select TACACS+ as the primary authentication method for Telnet CLI access, but you cannot also select RADIUS authentication as a primary method for the same type of access. However, you can configure backup authentication methods for each access type. • You can configure the Brocade device to authenticate using a TACACS or TACACS+ server, not both. TACACS configuration procedure For TACACS configurations, use the following procedure. 1. Identify TACACS servers. Refer to "Identifying the TACACS and TACACS+ servers" on page 88. 2. Set optional parameters. Refer to "Setting optional TACACS and TACACS+ parameters" on page 89. 3. Configure authentication-method lists. Refer to "Configuring authentication-method lists for TACACS and TACACS+" on page 90. TACACS+ configuration procedure For TACACS+ configurations, use the following procedure. 1. Enable TACACS, refer to "Enabling SNMP to configure TACACS and TACACS" on page 87 2. Identify TACACS+ servers. Refer to "Identifying the TACACS and TACACS+ servers" on page 88. 3. Set optional parameters. Refer to "Setting optional TACACS and TACACS+ parameters" on page 89. 4. Configure authentication-method lists. Refer to "Configuring authentication-method lists for TACACS and TACACS+" on page 90. 5. Optionally configure TACACS+ authorization. Refer to "Configuring TACACS+ authorization" on page 92. 6. Optionally configure TACACS+ accounting. Refer to "Configuring TACACS+ accounting" on page 95. Enabling SNMP to configure TACACS and TACACS TACACS is disabled by default. To enable SNMP access to TACACS MIB objects on the device, enter the following command. BigIron RX(config)#enable snmp config-tacacs Syntax: [no] enable snmp The parameter specifies the RADIUS configuration mode. Radius is disabled by default. The parameter specifies the TACACS configuration mode. TACACS is disabled by default. BigIron RX Series Configuration Guide 87 53-1002253-01

Section	Page
Contents	3
About This Document	41
Audience	41
Supported hardware and software	41
List of supported features	41
Unsupported features	44
What’s new in this document	45
Enhancements in release 02.8.00	46
Enhancements in release 02.7.03	47
Enhancements in release 02.7.02	48
Enhancements in release 02.7.00	50
Enhancements in release 02.6.00	51
Enhancements in patch release 02.5.00c	54
Enhancements in patch release 02.5.00b	55
Enhancements in release 02.5.00	55
Enhancements in patch release 02.4.00c	57
Enhancements in release 02.4.00	58
Enhancements in patch release 02.3.00a	62
Enhancements in release 02.3.00	63
Enhancements in release 02.2.01	69
Enhancements in release 02.2.00g	73
Enhancements in release 02.2.00	73
Document conventions	74
Text formatting	74
Command syntax conventions	74
Notes, cautions, and danger notices	75
Notice to the reader	75
Related publications	75
Getting technical help or reporting errors	76
E-mail and telephone access	76
Getting Started with the Command Line Interface	77
In this chapter	77
Logging on through the CLI	77
On-line help	78
Command completion	78
Scroll control	78
Line editing commands	79
EXEC commands	79
Global level	80
CONFIG commands	80
Accessing the CLI	83
Navigating among command levels	84
CLI command structure	84
Searching and filtering output	85
Allowable characters for LAG names	89
Syntax shortcuts	90
Saving configuration changes	90
Getting Familiar With the BigIron RX Series Switch Management Applications	91
How to manage BigIron RX Series switch	91
Logging on through the CLI	91
On-line help	92
Command completion	92
Scroll control	92
Line editing commands	93
Searching and filtering output from CLI commands	93
Allowable characters for LAG names	97
Logging on through the Web Management Interface	98
Web Management Interface	99
Using a Redundant Management Module	101
How management module redundancy works	101
Management module redundancy overview	101
Management module switchover	102
Switchover implications	103
Management module redundancy configuration	105
Changing the default active slot	105
Managing management module redundancy	105
File synchronization between the active and standby management modules	105
Manually switching over to the standby management module	108
Rebooting the active and standby management modules	108
Monitoring management module redundancy	109
Determining management module status	109
Displaying temperature information	110
Displaying switchover information	110
Flash memory and PCMCIA flash card file management commands	112
Management focus	113
Flash memory file system	114
PCMCIA flash card file system	115
Wildcards	116
Formatting a flash card	116
Determining the current management focus	117
Switching the management focus	117
Displaying a directory of the files	118
Displaying the contents of a file	120
Displaying the hexadecimal output of a file	121
Creating a subdirectory	121
Removing a subdirectory	123
Renaming a file	124
Changing the read-write attribute of a file	124
Deleting a file	125
Recovering (“undeleting”) a file	126
Appending a file to another file	127
Copying files using the copy command	127
Copying files using the cp command	132
Loading the software	133
Saving configuration changes	134
File management messages	135
Securing Access to Management Functions	137
Securing access methods	137
Restricting remote access to management functions	139
Using ACLs to restrict remote access	139
Restricting remote access to the device to specific IP addresses	142
Specifying the maximum number of login attempts for Telnet access	143
Restricting remote access to the device to specific VLAN IDs	144
Disabling specific access methods	145
Setting passwords	146
Setting a Telnet password	147
Setting passwords for management privilege levels	147
Recovering from a lost password	149
Displaying the SNMP community string	150
Disabling password encryption	150
Specifying a minimum password length	150
Setting up local user accounts	150
Configuring a local user account	151
Username, password and login rules	153
Configuring the strict password feature	154
Configuring SSL security for the Web Management Interface	157
Enabling the SSL server on the device	157
Importing digital certificates and RSA private key files	157
Generating an SSL certificate	158
Configuring TACACS and TACACS+ security	158
How TACACS+ differs from TACACS	159
TACACS and TACACS+ authentication, authorization, and accounting	159
TACACS and TACACS+ configuration considerations	162
Enabling SNMP to configure TACACS and TACACS	163
Identifying the TACACS and TACACS+ servers	164
Specifying different servers for individual AAA functions	164
Setting optional TACACS and TACACS+ parameters	165
Configuring authentication-method lists for TACACS and TACACS+	166
Configuring TACACS+ authorization	168
Configuring TACACS+ accounting	171
Configuring an interface as the source for all TACACS and TACACS+ packets	172
Displaying TACACS and TACACS+ statistics and configuration information	173
Configuring RADIUS security	174
RADIUS authentication, authorization, and accounting	174
RADIUS configuration considerations	177
RADIUS configuration procedure	178
Configuring Brocade-specific attributes on the RADIUS server	178
Enabling SNMP to configure RADIUS	179
Identifying the RADIUS server to the BigIron RX	180
Specifying different servers for individual AAA functions	180
Setting RADIUS parameters	180
Configuring authentication-method lists for RADIUS	181
Configuring RADIUS authorization	183
Configuring RADIUS accounting	185
Configuring an interface as the source for all RADIUS packets	186
Displaying RADIUS configuration information	186
Configuring authentication-method lists	188
Configuration considerations for authentication- method lists	189
Examples of authentication-method lists	189
Configuring Basic Parameters	193
Entering system administration information	193
Configuring Simple Network Management Protocol traps	194
Specifying an SNMP trap receiver	194
Specifying a Single trap source	195
Setting the SNMP Trap holddown time	195
Disabling SNMP traps	196
Disabling Syslog messages and traps for CLI access	197
Configuring an interface as source for all Telnet packets	198
Cancelling an outbound Telnet session	199
Configuring an interface as the source for all TFTP packets	199
Configuring an interface as the source for Syslog packets	199
Specifying a Simple Network Time Protocol (SNTP) server	200
Setting the system clock	202
New Daylight Saving Time (DST)	203
Configuring CLI banners	203
Setting a message of the day banner	204
Setting a privileged EXEC CLI level banner	204
Displaying a message on the console when an incoming Telnet session is detected	205
Configuring terminal display	205
Checking the length of terminal displays	205
Enabling or disabling routing protocols	206
Displaying and modifying system parameter default settings	206
Enabling or disabling Layer 2 switching	209
CAM partitioning for the BigIron RX	210
Re-distributing CAM allocations	210
Nexthop table	211
Changing the MAC age time	212
Configuring static ARP entries	212
Pinging an IPv4 address	213
Configuring Interface Parameters	215
Assigning a port name	215
Assigning an IP address to a port	215
Speed/Duplex negotiation	216
Disabling or re-enabling a port	217
Changing the default Gigabit negotiation mode	217
Changing the negotiation mode	218
Disabling or re-enabling flow control	218
Specifying threshold values for flow control	218
Locking a port to restrict addresses	219
Wait for all cards feature	219
Port transition hold timer	220
Port flap dampening	220
Modifying port priority (QoS)	222
Assigning a mirror port and monitor ports	222
Configuration guidelines for monitoring traffic	222
Configuring port mirroring and monitoring	222
Monitoring an individual trunk port	224
Mirror ports for Policy-Based Routing (PBR) traffic	225
About hardware-based PBR	225
Configuring mirror ports for PBR traffic	226
Displaying mirror and monitor port configuration	226
Enabling WAN PHY mode support	227
Configuring IP	229
Overview of configuring IP	229
The IP packet flow	229
ARP cache table	230
Static ARP table	230
IP Route table	231
IP forwarding cache	232
Basic IP parameters and defaults	232
When parameter changes take effect	233
IP global parameters	233
IP interface parameters	236
Configuring IP parameters	237
Configuring IP addresses	237
Changing the network mask display to prefix format	240
Configuring the default gateway	240
GRE IP tunnel	241
IPv6 over IPv4 tunnels in hardware	246
Configuring Domain Name Server (DNS) resolver	250
Adding host names to the DNS cache table	251
Configuring packet parameters	255
Changing the encapsulation type	255
Setting maximum frame size per PPCR	256
Changing the MTU	257
Changing the router ID	258
Specifying a single source interface for Telnet, TACACS, TACACS+, or RADIUS packets	259
Configuring an interface as the source for Syslog packets	261
IP fragmentation protection	261
IP option attack protection	262
IP receive access list	262
Configuring ARP parameters	263
How ARP works	263
Rate limiting ARP packets	264
Applying a rate limit to ARP packets on an interface	264
Clearing the rate limit for ARP packets	266
Changing the ARP aging period	266
Creating a floating static ARP entry	268
Static route ARP validation check	268
Configuring forwarding parameters	270
Disabling ICMP messages	272
Disabling ICMP redirect messages	274
Configuring static routes	274
Static route tagging	279
Configuring a default network route	284
Configuring IP load sharing	285
Default route ECMP	288
IP receive access list	289
Configuring IRDP	290
Configuring UDP broadcast and IP helper parameters	292
Configuring BootP/DHCP forwarding parameters	294
Displaying IP information	296
Displaying IP interface information	299
Displaying interface name in Syslog	300
Displaying ARP entries	300
Displaying the forwarding cache	302
Displaying the IP route table	304
Clearing IP routes	307
Displaying IP traffic statistics	307
Displaying TCP traffic statistics	310
Link Aggregation	313
Link aggregation overview	313
LAG formation rules	313
LAG load sharing	316
Configuration of a LAG	317
Creating a Link Aggregation Group (LAG)	317
Deploying a LAG	320
Commands available under LAG once it is deployed	320
Configuring ACL-based mirroring	321
Disabling ports within a LAG	321
Enabling ports within a LAG	321
Monitoring an individual LAG port	322
Assigning a name to a port within a LAG	322
Enabling sFlow forwarding on a port within a LAG	322
Setting the sFlow sampling rate for a port within a LAG	323
Displaying LAG information	323
Displaying LAG statistics	327
Configuring LLDP	329
Terms used in this chapter	329
LLDP overview	329
Benefits of LLDP	330
General operating principles	331
Operating modes	331
LLDP packets	331
TLV support	332
MIB support	335
Syslog messages	335
Web Management	335
Configuring LLDP	335
Configuration notes and considerations	336
Enabling and disabling LLDP	337
Changing a port’s LLDP operating mode	337
Specifying the maximum number of LLDP neighbors	338
Enabling LLDP SNMP notifications and Syslog messages	339
Specifying the minimum time between SNMP traps and Syslog messages	340
Changing the minimum time between LLDP transmissions	340
Changing the interval between regular LLDP transmissions	341
Changing the holdtime multiplier for transmit TTL	341
Changing the minimum time between port reinitializations	342
LLDP TLVs advertised by the Brocade device	342
Displaying LLDP statistics and configuration settings	349
LLDP configuration summary	350
LLDP statistics	350
LLDP neighbors	352
LLDP neighbors detail	353
LLDP configuration details	354
Resetting LLDP statistics	355
Configuring Uni-Directional Link Detection (UDLD)	357
Configuration considerations	358
Configuring UDLD	358
Changing the keepalive interval	358
Changing the keepalive retries	358
Displaying UDLD information	359
Displaying information for all ports	359
Displaying link-keepalive information	359
Displaying information for a single port	360
Clearing UDLD statistics	362
VLANs	363
Overview of Virtual Local Area Networks (VLANs)	363
Tagged, untagged, and dual-mode ports	363
Protocol-based VLANs	365
VLAN configuration rules	366
VLAN ID range	366
Tagged VLANs	366
VLAN hierarchy	366
Multiple VLAN membership rules	366
Layer 2 control protocols on VLANs	367
Configuring port-based VLANs	367
VLAN byte accounting	368
Strictly or explicitly tagging a port	370
Assigning or changing a VLAN priority	370
Assigning a different ID to the default VLAN	370
Configuring protocol-based VLANs	371
Configuring an MSTP instance	372
Configuring virtual routing interfaces	372
Bridging and routing the same protocol simultaneously on the same device	373
Integrated Switch Routing (ISR)	374
VLAN groups	375
Configuring a VLAN group	375
Configuring super aggregated VLANs	377
Configuring aggregated VLANs	379
Complete CLI examples	380
Configuring 802.1q-in-q tagging	383
Configuration rules	384
Enabling 802.1Q-in-Q tagging	385
Example configuration	385
Configuring 802.1q tag-type translation	386
Configuration rules	388
Enabling 802.1q tag-type translation	389
Private VLANs	390
Implementation notes	391
Configuration notes	391
Configuring a private VLAN	392
Enabling broadcast, multicast or unknown unicast traffic to the private VLAN	394
CLI example for Figure 30	394
Other VLAN features	395
Allocating memory for more VLANs or virtual routing interfaces	395
Hardware flooding for Layer 2 multicast and broadcast packets	395
Unknown unicast flooding on VLAN ports	396
Flow based MAC learning	396
Configuring uplink ports within a port-based VLAN	397
Configuring control protocols in VLANs	397
Other configuration options	397
Displaying VLAN information	397
Displaying VLAN information	398
Displaying VLAN information for specific ports	398
Displaying VLAN status and port types	399
Displaying VLAN group information	400
Transparent firewall mode	401
Enabling a transparent firewall	401
Configuring Spanning Tree Protocol	403
IEEE 802.1D Spanning Tree Protocol (STP)	403
Enabling or disabling STP	403
Default STP bridge and port parameters	404
Changing STP bridge parameters	405
Changing STP port parameters	406
STP root guard	406
Spanning Tree Protocol (STP) BPDU guard	407
Displaying STP information	408
IEEE Single Spanning Tree (SSTP)	416
SSTP defaults	417
Enabling SSTP	417
Displaying SSTP information	418
PVST/PVST+ compatibility	419
Overview of PVST and PVST+	419
VLAN tags and dual mode	419
Enabling PVST+ support	420
Displaying PVST+ support information	420
Configuration examples	421
SuperSpan™	423
Customer ID	424
BPDU forwarding	424
Configuring SuperSpan	429
Configuring Rapid Spanning Tree Protocol	433
Overview of Rapid Spanning Tree Protocol	433
Bridges and bridge port roles	433
Assignment of port roles	434
Ports on Switch 1	435
Ports on Switch 2	435
Ports on Switch 3	435
Ports Switch 4	436
Edge ports and edge port roles	436
Point-to-point ports	437
Bridge port states	437
Edge port and non-edge port states	438
Changes to port roles and states	438
State machines	438
Handshake mechanisms	439
Convergence in a simple topology	449
Convergence at start up	450
Convergence after a link failure	452
Convergence at link restoration	453
Convergence in a complex RSTP topology	454
Propagation of topology change	457
Compatibility of RSTP with 802.1D	460
Configuring RSTP parameters	461
Enabling or disabling RSTP in a port-based VLAN	461
Enabling or disabling RSTP on a single spanning tree	462
Disabling or enabling RSTP on a port	462
Changing RSTP bridge parameters	462
Changing port parameters	463
Fast port span	464
Fast uplink span	466
Displaying RSTP information	468
Metro Ring Protocol (MRP) Phase 1 and 2	477
Metro Ring Protocol (MRP) phase 1	477
MRP rings without shared interfaces	478
Ring initialization	479
How ring breaks are detected and healed	482
Master VLANs and customer VLANs in a topology group	484
Configuring MRP	486
Adding an MRP ring to a VLAN	487
Changing the hello and preforwarding times	488
MRP phase 2	488
Ring initialization for shared interfaces	490
How ring breaks are detected and healed between shared interfaces	490
Selection of master node	491
RHP processing in rings with shared interfaces	491
Normal flow	492
Flow when a link breaks	493
Configuring MRP with shared interfaces	493
Using MRP diagnostics	494
Enabling MRP diagnostics	494
Displaying MRP diagnostics	495
Displaying MRP information	495
Displaying topology group information	495
Displaying ring information	496
MRP CLI example	497
Commands on switch A (master node)	498
Commands on switch B	498
Commands on switch C	499
Commands on switch D	499
Virtual Switch Redundancy Protocol (VSRP)	501
Overview of Virtual Switch Redundancy Protocol (VSRP)	501
Layer 2 and Layer 3 redundancy	502
Master election and failover	502
Configuring basic VSRP parameters	507
Enabling Layer 3 VSRP	508
Configuring optional VSRP parameters	508
Disabling VSRP on a VRID	508
Configuring authentication	508
Configuring a VRID IP address	509
VSRP fast start	510
Changing the backup priority	511
Saving the timer values received from the master	511
VSRP slow start	512
Changing the Time-To-Live (TTL)	512
Changing the hello interval	513
Changing the dead interval	513
Changing the backup hello state and interval	513
Changing the hold-down interval	514
Changing the default track priority	514
Specifying a track port	515
Disabling or re-enabling backup pre-emption	515
Port transition hold timer	515
Clearing VSRP information	516
VSRP and MRP signaling	516
Displaying VSRP information	518
Displaying VRID information	518
Displaying a summary of VSRP information	520
Displaying VSRP packet statistics for VSRP	521
Displaying the active interfaces for a VRID	522
Topology Groups	523
Topology overview	523
Master VLAN and member VLANs	523
Master VLANs and customer VLANs in MRP	524
Control ports and free ports	524
Configuration considerations	524
Configuring a topology group	525
Displaying topology group information	525
Displaying topology group information	525
Configuring VRRP and VRRPE	527
Overview of VRRP	527
Standard VRRP	527
Brocade enhancements of VRRP	529
Overview of VRRPE	531
VRRP and VRRPE parameters	534
Configuring parameters specific to VRRP	536
Configuring the owner	536
Configuring basic VRRP parameters	536

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1,000
1,001
1,002
1,003
1,004
1,005
1,006
1,007
1,008
1,009
1,010
1,011
1,012
1,013
1,014
1,015
1,016
1,017
1,018
1,019
1,020
1,021
1,022
1,023
1,024
1,025
1,026
1,027
1,028
1,029
1,030
1,031
1,032
1,033
1,034
1,035
1,036
1,037
1,038
1,039
1,040
1,041
1,042
1,043
1,044
1,045
1,046
1,047
1,048
1,049
1,050
1,051
1,052
1,053
1,054
1,055
1,056
1,057
1,058
1,059
1,060
1,061
1,062
1,063
1,064
1,065
1,066
1,067
1,068
1,069
1,070
1,071
1,072
1,073
1,074
1,075
1,076
1,077
1,078
1,079
1,080
1,081
1,082
1,083
1,084
1,085
1,086
1,087
1,088
1,089
1,090
1,091
1,092
1,093
1,094
1,095
1,096
1,097
1,098
1,099
1,100
1,101
1,102
1,103
1,104
1,105
1,106
1,107
1,108
1,109
1,110
1,111
1,112
1,113
1,114
1,115
1,116
1,117
1,118
1,119
1,120
1,121
1,122
1,123
1,124
1,125
1,126
1,127
1,128
1,129
1,130
1,131
1,132
1,133
1,134
1,135
1,136
1,137
1,138
1,139
1,140
1,141
1,142
1,143
1,144
1,145
1,146
1,147
1,148
1,149
1,150
1,151
1,152
1,153
1,154
1,155
1,156
1,157
1,158
1,159
1,160
1,161
1,162
1,163
1,164
1,165
1,166
1,167
1,168
1,169
1,170
1,171
1,172
1,173
1,174
1,175
1,176
1,177
1,178
1,179
1,180
1,181
1,182
1,183
1,184
1,185
1,186
1,187
1,188
1,189
1,190
1,191
1,192
1,193
1,194
1,195
1,196
1,197
1,198
1,199
1,200
1,201
1,202
1,203
1,204
1,205
1,206
1,207
1,208
1,209
1,210
1,211
1,212
1,213
1,214
1,215
1,216
1,217
1,218
1,219
1,220
1,221
1,222
1,223
1,224
1,225
1,226
1,227
1,228
1,229
1,230
1,231
1,232
1,233
1,234
1,235
1,236
1,237
1,238
1,239
1,240
1,241
1,242
1,243
1,244
1,245
1,246
1,247
1,248
1,249
1,250
1,251
1,252
1,253
1,254
1,255
1,256
1,257
1,258
1,259
1,260
1,261
1,262
1,263
1,264
1,265
1,266
1,267
1,268
1,269
1,270
1,271
1,272
1,273
1,274
1,275
1,276
1,277
1,278
1,279
1,280
1,281
1,282
1,283
1,284
1,285
1,286
1,287
1,288
1,289
1,290
1,291
1,292
1,293
1,294
1,295
1,296
1,297
1,298
1,299
1,300
1,301
1,302
1,303
1,304
1,305
1,306
1,307
1,308
1,309
1,310
1,311
1,312
1,313
1,314
1,315
1,316
1,317
1,318
1,319
1,320
1,321
1,322
1,323
1,324
1,325
1,326
1,327
1,328
1,329
1,330
1,331
1,332
1,333
1,334
1,335
1,336
1,337
1,338
1,339
1,340
1,341
1,342
1,343
1,344
1,345
1,346
1,347
1,348
1,349
1,350
1,351
1,352
1,353
1,354
1,355
1,356
1,357
1,358
1,359
1,360
1,361
1,362
1,363
1,364
1,365
1,366
1,367
1,368
1,369
1,370
1,371
1,372
1,373
1,374
1,375
1,376
1,377
1,378
1,379
1,380
1,381
1,382
1,383
1,384
1,385
1,386
1,387
1,388
1,389
1,390
1,391
1,392
1,393
1,394
1,395
1,396
1,397
1,398
1,399
1,400
1,401
1,402
1,403
1,404
1,405
1,406
1,407
1,408
1,409
1,410
1,411
1,412
1,413
1,414
1,415
1,416
1,417
1,418
1,419
1,420
1,421
1,422
1,423
1,424
1,425
1,426
1,427
1,428
1,429
1,430
1,431
1,432
1,433
1,434
1,435
1,436
1,437
1,438
1,439
1,440
1,441
1,442
1,443
1,444
1,445
1,446
1,447
1,448
1,449
1,450
1,451
1,452
1,453
1,454
1,455
1,456
1,457
1,458

Match case Limit results 1 per page

BigIron RX Series Configuration Guide

53-1002253-01

Configuring TACACS and TACACS+ security

•

You can select only one primary authentication method for each type of access to a device (CLI

through Telnet, CLI Privileged EXEC and CONFIG levels). For example, you can select TACACS+

as the primary authentication method for Telnet CLI access, but you cannot also select RADIUS

authentication as a primary method for the same type of access.

However, you can configure

backup authentication methods for each access type.

•

You can configure the Brocade device to authenticate using a TACACS or TACACS+ server, not

both.

TACACS configuration procedure

For TACACS configurations, use the following procedure.

Identify TACACS servers. Refer to

“Identifying the TACACS and TACACS+ servers”

on page 88.

Set optional parameters. Refer to

“Setting optional TACACS and TACACS+ parameters”

page 89.

Configure authentication-method lists. Refer to

“Configuring authentication-method lists for

TACACS and TACACS+”

on page 90.

TACACS+ configuration procedure

For TACACS+ configurations, use the following procedure.

Enable TACACS, refer to

“Enabling SNMP to configure TACACS and TACACS”

on page 87

Identify TACACS+ servers. Refer to

“Identifying the TACACS and TACACS+ servers”

on page 88.

Set optional parameters. Refer to

“Setting optional TACACS and TACACS+ parameters”

page 89.

Configure authentication-method lists. Refer to

“Configuring authentication-method lists for

TACACS and TACACS+”

on page 90.

Optionally configure TACACS+ authorization. Refer to

“Configuring TACACS+ authorization”

page 92.

Optionally configure TACACS+ accounting. Refer to

“Configuring TACACS+ accounting”

page 95.

Enabling SNMP to configure TACACS and TACACS

TACACS is disabled by default. To enable SNMP access to TACACS MIB objects on the device, enter

the following command.

BigIron RX(config)#enable snmp config-tacacs

Syntax:

[no] enable snmp <config-radius | config-tacacs>

The <config-radius> parameter specifies the RADIUS configuration mode. Radius is disabled by

default.

The <config-tacacs> parameter specifies the TACACS configuration mode. TACACS is disabled by

default.