IronPort Systems 4108GL User Manual

Page 176


Using Passwords and TACACS+ To Protect Against Unauthorized Access
TACACS+ Authentication for Central Control of Switch Access Security

Adding, Removing, or Changing the Priority of a TACACS+ Server.

Suppose that the switch was already configured to use TACACS+ servers at
10.28.227.10 and 10.28.227.15. In this case, 10.28.227.15 was entered first, and
so is listed as the first-choice server:

Figure 9-4. Example of the Switch with Two TACACS+ Server Addresses Configured

To move the "first-choice" status from the "15" server to the "10" server, use
the no tacacs-server host <ip-addr> command to delete both servers, then use
tacacs-server host <ip-addr> to re-enter the "10" server first, then the "15" server.

The servers would then be listed with the new "first-choice" server, that is:

Figure 9-5. Example of the Switch After Assigning a Different "First-Choice" Server

Name               Default   Range
timeout <1..255>   5 sec     1 - 255 sec

Specifies how long the switch waits for a TACACS+ server to respond to an authentication request. If the switch does
not detect a response within the timeout period, it initiates a new request to the next TACACS+ server in the list. If all
TACACS+ servers in the list fail to respond within the timeout period, the switch uses either local authentication (if
configured) or denies access (if none configured for local authentication).

First-Choice TACACS+ Server

The "10" server is now the "first-choice" TACACS+ authentication device.
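
The reordering procedure and the timeout fall-through described above, as an added example that is not part of the manual: a Python sketch that builds the delete-and-re-enter command sequence for a desired server order and models which device ends up deciding a login. The function names and the `responding` set are hypothetical; the sketch generalizes the two-server case to any list and assumes, as the text states, that priority follows the order of entry.

```python
from ipaddress import ip_address

def reorder_commands(current, desired):
    """CLI lines that produce the `desired` priority order using the
    delete-all-then-re-enter procedure (first entered = first choice)."""
    # ip_address() also rejects malformed addresses before anything is emitted.
    if sorted(current, key=ip_address) != sorted(desired, key=ip_address):
        raise ValueError("desired must list exactly the configured servers")
    if list(current) == list(desired):
        return []  # already in the wanted order, nothing to change
    return ([f"no tacacs-server host {ip}" for ip in current] +
            [f"tacacs-server host {ip}" for ip in desired])

def authenticate(servers, responding, timeout=5, local_configured=True):
    """Model of the timeout behaviour: query servers in listed order, wait
    `timeout` seconds on each silent one, then fall back to local
    authentication if configured, otherwise deny access.
    Returns (device that decides the login, seconds lost to timeouts)."""
    if not 1 <= timeout <= 255:
        raise ValueError("timeout range is 1 - 255 sec")
    waited = 0
    for ip in servers:
        if ip in responding:
            return ip, waited
        waited += timeout
    return ("local" if local_configured else "deny"), waited

if __name__ == "__main__":
    # Addresses from the manual's example; "15" was entered first.
    current = ["10.28.227.15", "10.28.227.10"]
    desired = ["10.28.227.10", "10.28.227.15"]
    for line in reorder_commands(current, desired):
        print(line)
    # Constructed scenarios: which servers answer is an assumption.
    print(authenticate(desired, responding={"10.28.227.15"}))
    print(authenticate(desired, responding=set()))
    print(authenticate(desired, responding=set(), local_configured=False))
```

With every listed server silent, the wait before local authentication or denial is the number of servers multiplied by the timeout, so the timeout value and the local password configuration should be reviewed together.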
