Tacacs and tacacs+ configuration considerations, Tacacs configuration procedure – Brocade BigIron RX Series Configuration Guide User Manual
Page 157
BigIron RX Series Configuration Guide
79
53-1002484-04
Configuring TACACS and TACACS+ security
3
AAA security for commands pasted Into the running configuration
If AAA security is enabled on the device, commands pasted into the running configuration are
subject to the same AAA operations as if they were entered manually.
When you paste commands into the running configuration, and AAA command authorization or
accounting is configured on the device, AAA operations are performed on the pasted commands.
The AAA operations are performed before the commands are actually added to the running
configuration. The server performing the AAA operations should be reachable when you paste the
commands into the running configuration file. If the device determines that a pasted command is
invalid, AAA operations are halted on the remaining commands. The remaining commands may not
be executed if command authorization is configured.
TACACS and TACACS+ configuration considerations
Consider the following before you configure TACACS and TACACS+:
•
You must deploy at least one TACACS and TACACS+ server in your network.
•
The device supports authentication using up to eight TACACS and TACACS+ servers. The device
tries to use the servers in the order you add them to the device’s configuration.
•
You can select only one primary authentication method for each type of access to a device (CLI
through Telnet, CLI Privileged EXEC and CONFIG levels). For example, you can select TACACS+
as the primary authentication method for Telnet CLI access, but you cannot also select RADIUS
authentication as a primary method for the same type of access. However, you can configure
backup authentication methods for each access type.
•
You can configure the Brocade device to authenticate using a TACACS or TACACS+ server, not
both.
TACACS configuration procedure
For TACACS configurations, use the following procedure.
1. Identify TACACS servers. Refer to
“Identifying the TACACS and TACACS+ servers”
2. Set optional parameters. Refer to
“Setting optional TACACS and TACACS+ parameters”
User enters the command:
[no] aaa accounting system default
start-stop
<
method-list>
Command authorization (TACACS+):
aaa authorization commands
<
privilege-level> default
<
method-list>
Command accounting (TACACS+):
aaa accounting commands
<
privilege-level> default start-stop
<
method-list>
System accounting start (TACACS+):
aaa accounting system default start-stop
<
method-list>
User enters other commands
Command authorization (TACACS+):
aaa authorization commands
<
privilege-level> default
<
method-list>
Command accounting (TACACS+):
aaa accounting commands
<
privilege-level> default start-stop
<
method-list>
User action
Applicable AAA operations