Enabling SNMP to configure TACACS and TACACS, Identifying the TACACS and TACACS+ servers, TACACS+ configuration procedure – Brocade BigIron RX Series Configuration Guide User Manual


BigIron RX Series Configuration Guide

53-1002484-04

Configuring TACACS and TACACS+ security


3. Configure authentication-method lists. Refer to “Configuring authentication-method lists for TACACS and TACACS+” on page 83.

TACACS+ configuration procedure

For TACACS+ configurations, use the following procedure.

1. Enable TACACS. Refer to “Enabling SNMP to configure TACACS and TACACS” on page 80.

2. Identify TACACS+ servers. Refer to “Identifying the TACACS and TACACS+ servers” on page 80.

3. Set optional parameters. Refer to “Setting optional TACACS and TACACS+ parameters” on page 81.

4. Configure authentication-method lists. Refer to “Configuring authentication-method lists for TACACS and TACACS+” on page 83.

5. Optionally configure TACACS+ authorization. Refer to “Configuring TACACS+ authorization” on page 85.

6. Optionally configure TACACS+ accounting. Refer to “Configuring TACACS+ accounting” on page 88.

Enabling SNMP to configure TACACS and TACACS

TACACS is disabled by default. To enable SNMP access to TACACS MIB objects on the device, enter
the following command.

BigIron RX(config)# enable snmp config-tacacs

Syntax: [no] enable snmp <config-radius | config-tacacs>

The <config-radius> parameter specifies the RADIUS configuration mode. RADIUS is disabled by
default.

The <config-tacacs> parameter specifies the TACACS configuration mode. TACACS is disabled by
default.

Identifying the TACACS and TACACS+ servers

To use TACACS and TACACS+ servers to authenticate access to a device, you must identify the
servers to the device.

For example, to identify three TACACS and TACACS+ servers, enter commands such as the
following.

BigIron RX(config)# tacacs-server host 207.94.6.161

BigIron RX(config)# tacacs-server host 207.94.6.191

BigIron RX(config)# tacacs-server host 207.94.6.122

Syntax: tacacs-server host <ip-addr> | ipv6 <ipv6-addr> | <hostname> [auth-port <number>]

The <ip-addr> | <hostname> parameter specifies the IP address or host name of the server. You
can enter up to eight tacacs-server host commands to specify up to eight different servers.

NOTE

To specify the server's host name instead of its IP address, you must first identify a DNS server using
the ip dns server-address <ip-addr> command at the global CONFIG level.
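
The following audit script is an added example, not part of the Brocade guide. It checks pasted configuration lines against the rules stated above: the eight-server limit, the DNS prerequisite for host names, and whether SNMP configuration of TACACS is enabled. The sample input, the function names and the 1-65535 port check are assumptions made for illustration.

```python
import ipaddress
import re

MAX_HOSTS = 8  # the guide allows up to eight tacacs-server host commands

# Constructed sample (not from a real device): pasted CLI lines with prompts.
SAMPLE = """\
BigIron RX(config)#enable snmp config-tacacs
BigIron RX(config)# tacacs-server host 207.94.6.161
BigIron RX(config)# tacacs-server host 207.94.6.191 auth-port 70000
BigIron RX(config)# tacacs-server host tac1.example.net
"""

def is_ip(text):
    try:
        ipaddress.ip_address(text)
        return True
    except ValueError:
        return False

def audit_tacacs(config_text):
    """Return findings for the TACACS-related lines of a configuration."""
    hosts, findings = [], []
    dns_seen = snmp_tacacs = False
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[-1].strip()  # drop a CLI prompt if present
        if line.startswith("ip dns server-address "):
            dns_seen = True
        elif line == "enable snmp config-tacacs":
            snmp_tacacs = True
        elif line.startswith("tacacs-server host "):
            args = [a for a in line.split()[2:] if a != "ipv6"]
            if not args:
                findings.append(f"malformed line: {line}")
                continue
            hosts.append(args[0])
            port = re.search(r"\bauth-port\s+(\S+)", line)
            # Assumption: any value outside 1-65535 cannot be a usable port.
            if port and not (port.group(1).isdigit() and 1 <= int(port.group(1)) <= 65535):
                findings.append(f"{args[0]}: invalid auth-port {port.group(1)}")
    if len(hosts) > MAX_HOSTS:
        findings.append(f"{len(hosts)} servers configured, limit is {MAX_HOSTS}")
    names = [h for h in hosts if not is_ip(h)]
    if names and not dns_seen:
        findings.append("host names without ip dns server-address: " + ", ".join(names))
    if snmp_tacacs:
        findings.append("SNMP configuration of TACACS is enabled; review SNMP access")
    return findings

if __name__ == "__main__":
    for finding in audit_tacacs(SAMPLE):
        print(finding)
```
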
