Dell PowerEdge M520 Dell PowerConnect M6220/M6348/M8024 Switches Configuration - Page 116

TACACS+ Configuration Example, PowerConnect M6220/M6348/M8024 Switches with TACACS

Get Dell PowerEdge M520 PDF manuals and user guides View all Dell PowerEdge M520 manuals
Add to My Manuals
Save this manual to your list of manuals

Page 116 highlights

TACACS+ Configuration Example This example configures two TACACS+ servers at 10.10.10.10 and 11.11.11.11. Each server has a unique shared secret key. The server at 10.10.10.10 has a default priority of 0, the highest priority, while the other server has a priority of 2. The process creates a new authentication list, called tacacsList, which uses TACACS+ to authenticate, and uses local authentication as a backup method. Figure 5-5. PowerConnect M6220/M6348/M8024 Switches with TACACS+ When a user attempts to log into the switch, the NAS or switch prompts for a username and password. The switch attempts to communicate with the highest priority configured TACACS+ server at 10.10.10.10. Upon successful connection with the server, the switch and server exchange the login credentials over an encrypted channel. The server then grants or denies access, which the switch honors, and either allows or does not allow the user to gain access to the switch. If neither of the two servers can be contacted, the switch searches its local user database for the user. console# config console(config)#tacacs-server host 10.10.10.10 console(config)#key tacacs1 console(config)#exit console(config)#tacacs-server host 11.11.11.11 console(config)#key tacacs2 116 Device Security

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
  • 123
  • 124
  • 125
  • 126
  • 127
  • 128
  • 129
  • 130
  • 131
  • 132
  • 133
  • 134
  • 135
  • 136
  • 137
  • 138
  • 139
  • 140
  • 141
  • 142
  • 143
  • 144
  • 145
  • 146
  • 147
  • 148
  • 149
  • 150
  • 151
  • 152
  • 153
  • 154
  • 155
  • 156
  • 157
  • 158
116
Device Security
TACACS+ Configuration Example
This example configures two TACACS+ servers at 10.10.10.10 and 11.11.11.11. Each server has a unique
shared secret key. The server at 10.10.10.10 has a default priority of 0, the highest priority, while the other
server has a priority of 2. The process creates a new authentication list, called tacacsList, which uses
TACACS+ to authenticate, and uses local authentication as a backup method.
Figure 5-5.
PowerConnect M6220/M6348/M8024 Switches with TACACS+
When a user attempts to log into the switch, the NAS or switch prompts for a username and password.
The switch attempts to communicate with the highest priority configured TACACS+ server at
10.10.10.10. Upon successful connection with the server, the switch and server exchange the login
credentials over an encrypted channel. The server then grants or denies access, which the switch honors,
and either allows or does not allow the user to gain access to the switch. If neither of the two servers can
be contacted, the switch searches its local user database for the user.
console# config
console(config)#tacacs-server host 10.10.10.10
console(config)#key tacacs1
console(config)#exit
console(config)#tacacs-server host 11.11.11.11
console(config)#key tacacs2