NEC INTELLIGENT L2 SWITCH N8406-022A User Manual
Page 20
Accessing the switch 20
Configuring TACACS+ authentication on the switch (AOS CLI example)
1.
Turn TACACS+ authentication on, then configure the Primary and Secondary TACACS+ servers.
>> Main# /cfg/sys/tacacs (Select the TACACS+ Server menu)
>> TACACS+ Server# on (Turn TACACS+ on)
Current status: OFF
New status: ON
>> TACACS+ Server# prisrv 10.10.1.1 (Enter primary server IP)
Current primary TACACS+ server: 0.0.0.0
New pending primary TACACS+ server: 10.10.1.1
>> TACACS+ Server# secsrv 10.10.1.2 (Enter secondary server IP)
Current secondary TACACS+ server: 0.0.0.0
New pending secondary TACACS+ server: 10.10.1.2
2.
Configure the TACACS+ secret and second secret.
>> TACACS+ Server# secret
Enter new TACACS+ secret: <1-32 character secret>
>> TACACS+ Server# secret2
Enter new TACACS+ second secret: <1-32 character secret>
CAUTION: If you configure the TACACS+ secret using any method other than a direct console connection,
the secret may be transmitted over the network as clear text.
3.
If desired, you may change the default TCP port number used to listen to TACACS+.
4.
The well-known port for TACACS+ is 49.
>> TACACS+ Server# port
Current TACACS+ port: 49
Enter new TACACS+ port [1-65000]: <port number>
5.
Configure the number retry attempts for contacting the TACACS+ server and the timeout period.
>> TACACS+ Server# retries
Current TACACS+ server retries: 3
Enter new TACACS+ server retries [1-3]: 2
>> TACACS+ Server# time
Current TACACS+ server timeout: 5
Enter new TACACS+ server timeout [4-15]: 10 (Enter the timeout period
in minutes)
6.
Configure custom privilege-level mapping (optional).
>> TACACS+ Server# usermap 2
Current privilege mapping for remote privilege 2: not set
Enter new local privilege mapping: user
>> TACACS+ Server# usermap 3 user
>> TACACS+ Server# usermap 4 user
>> TACACS+ Server# usermap 5 oper
7.
Apply and save the configuration.