Brocade TurboIron 24X Series Configuration Guide User Manual

53-1003053-01

Configuring TACACS/TACACS+ security

If you specify a loopback interface as the single source for TACACS/TACACS+ packets,
TACACS/TACACS+ servers can receive the packets regardless of the states of individual links.
Thus, if a link to the TACACS/TACACS+ server becomes unavailable but the client or server can
be reached through another link, the client or server still receives the packets, and the packets
still have the source IP address of the loopback interface.

The software contains separate CLI commands for specifying the source interface for Telnet,
TACACS/TACACS+, and RADIUS packets. You can configure a source interface for one or more of
these types of packets.

To specify an Ethernet, loopback, or virtual interface as the source for all TACACS/TACACS+ packets
from the device, use the following CLI method. The software uses the lowest-numbered IP address
configured on the port or interface as the source IP address for TACACS/TACACS+ packets
originated by the device.

To specify the lowest-numbered IP address configured on a virtual interface as the device source
for all TACACS/TACACS+ packets, enter commands such as the following.

TurboIron(config)#int ve 1
TurboIron(config-vif-1)#ip address 10.0.0.3/24
TurboIron(config-vif-1)#exit
TurboIron(config)#ip tacacs source-interface ve 1

The commands in this example configure virtual interface 1, assign IP address 10.0.0.3/24 to the
interface, then designate the interface as the source for all TACACS/TACACS+ packets from the
Layer 3 Switch.

Syntax: ip tacacs source-interface ethernet <portnum> | loopback <num> | ve <num>

The <portnum> parameter is a valid port number.

The <num> parameter is a loopback interface or virtual interface number.

Displaying TACACS/TACACS+ statistics and configuration information

The show aaa command displays information about all TACACS+ and RADIUS servers identified on
the device.

TurboIron#show aaa
Tacacs+ key: Brocade
Tacacs+ retries: 1
Tacacs+ timeout: 15 seconds
Tacacs+ dead-time: 3 minutes
Tacacs+ Server: 10.95.6.90 Port:49:
          opens=6 closes=3 timeouts=3 errors=0
          packets in=4 packets out=4
no connection
Radius key: networks
Radius retries: 3
Radius timeout: 3 seconds
Radius dead-time: 3 minutes
Radius Server: 10.95.6.90 Auth Port=1645 Acct Port=1646:
          opens=2 closes=1 timeouts=1 errors=0
          packets in=1 packets out=4
no connection
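The show aaa output above includes the TACACS+ and RADIUS key values alongside the per-server counters, so captured output should have the keys masked before it is stored or shared. The following Python sketch is an added example, not part of the Brocade guide: it parses the output shown on this page, masks the keys, and flags servers by timeout ratio. The function names, the 0.25 threshold, and the assumption that a status line follows each server's counters are illustrative.

```python
import re

# Constructed sample: the `show aaa` output reproduced from this page.
SAMPLE = """\
Tacacs+ key: Brocade
Tacacs+ retries: 1
Tacacs+ timeout: 15 seconds
Tacacs+ dead-time: 3 minutes
Tacacs+ Server: 10.95.6.90 Port:49:
    opens=6 closes=3 timeouts=3 errors=0
    packets in=4 packets out=4
no connection
Radius key: networks
Radius retries: 3
Radius timeout: 3 seconds
Radius dead-time: 3 minutes
Radius Server: 10.95.6.90 Auth Port=1645 Acct Port=1646:
    opens=2 closes=1 timeouts=1 errors=0
    packets in=1 packets out=4
no connection
"""

SERVER = re.compile(r"^(Tacacs\+|Radius) Server: (\S+)")
COUNTER = re.compile(r"(packets in|packets out|\w+)=(\d+)")
KEY = re.compile(r"^((?:Tacacs\+|Radius) key:).*$", re.M)

def redact_keys(text):
    """Mask shared secrets so the output can be stored or attached to a ticket."""
    return KEY.sub(r"\1 <redacted>", text)

def parse_show_aaa(text):
    """Return one dict per server with its counters and status line."""
    servers = []
    for line in text.splitlines():
        line = line.strip()
        m = SERVER.match(line)
        if m:  # start of a new server block
            servers.append({"proto": m.group(1), "addr": m.group(2), "state": None})
        elif servers and "=" in line:  # counter lines under the server
            servers[-1].update((k, int(v)) for k, v in COUNTER.findall(line))
        elif servers and line and ":" not in line:  # assumed status line
            servers[-1]["state"] = line
    return servers

def timeout_prone(servers, max_ratio=0.25):
    """Servers whose timeouts/opens ratio exceeds max_ratio (assumed threshold)."""
    return [s for s in servers
            if s.get("opens") and s.get("timeouts", 0) / s["opens"] > max_ratio]
```
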