Dell PowerSwitch S4112F-ON OS10 Enterprise Edition User Guide Release 10.4.1.0 - Page 521
TACACS+ authentication
View all Dell PowerSwitch S4112F-ON manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 521 highlights
servers one at a time, until a RADIUS server responds with an accept or reject response. The switch tries to connect with a server for the configured number of retransmit retries and timeout period. Configure global settings for the timeout and retransmit attempts allowed on RADIUS servers by using the radius-server retransmit and radius-server timeout commands. By default, OS10 supports three RADIUS authentication attempts and times out after five seconds. • Configure the number of times OS10 retransmits a RADIUS authentication request in CONFIGURATION mode (0 to 100 retries; default 3). radius-server retransmit retries • Configure the timeout period used to wait for an authentication response from a RADIUS server in CONFIGURATION mode (0 to 1000 seconds; default 5). radius-server timeout seconds Configure RADIUS server OS10(config)# radius-server host 1.2.4.5 OS10(config)# radius-server retransmit 10 OS10(config)# radius-server timeout 10 View RADIUS server configuration OS10# show running-configuration ... radius-server host 1.2.4.5 key 9 3a95c26b2a5b96a6b80036839f296babe03560f4b0b7220d6454b3e71bdfc59b radius-server retransmit 10 radius-server timeout 10 ... Delete RADIUS server OS10# no radius server host 1.2.4.5 TACACS+ authentication Configure a TACACS+ authentication server by entering the server's IP address or host name. You must also enter a text string for the key used to authenticate the OS10 switch on a TACACS+ host. The TCP port entry is optional. TACACS+ provides greater data security by encrypting the entire protocol portion in a packet sent from the switch to an authentication server. RADIUS encrypts only passwords. • Configure a TACACS+ authentication server in CONFIGURATION mode. By default, a TACACS+ server uses TCP port 49 for authentication. tacacs-server host {hostname | ip-address} key {0 authentication-key | 9 authentication-key | authentication-key} [auth-port port-number] Re-enter the tacacs-server host command multiple times to configure more than one TACACS+ server. If you configure multiple TACACS+ servers, OS10 attempts to connect in the order you configured them. An OS10 switch connects with the configured TACACS+ servers one at a time, until a TACACS+ server responds with an accept or reject response. Configure the global timeout used on all TACACS+ servers by using the tacacs-server timeout command. By default, OS10 times out an authentication attempt on a TACACS+ server after five seconds. • Enter the timeout value used to wait for an authentication response from TACACS+ servers in CONFIGURATION mode (1 to 1000 seconds; default 5). tacacs-server timeout seconds System management 521