Configuring authentication-method lists for, Tacacs and tacacs, Setting the dead time parameter – Brocade BigIron RX Series Configuration Guide User Manual

BigIron RX Series Configuration Guide

83

53-1002484-04

Configuring TACACS and TACACS+ security

3

Setting the dead time parameter

The dead-time parameter specifies how long the device waits for the primary authentication server
to reply before deciding the server is dead and trying to authenticate using the next server. The
dead-time value can be from 1 – 5 seconds. The default is 3 seconds.

To set the TACACS and TACACS+ dead-time value, enter the following command.

BigIron RX(config)# tacacs-server dead-time 5

Syntax: tacacs-server dead-time <number>

Setting the timeout parameter

The timeout parameter specifies how many seconds the Brocade device waits for a response from
the TACACS and TACACS+ server before either retrying the authentication request, or determining
that the TACACS and TACACS+ server is unavailable and moving on to the next authentication
method in the authentication-method list. The timeout can be from 1 – 15 seconds. The default is
3 seconds.

BigIron RX(config)# tacacs-server timeout 5

Syntax: tacacs-server timeout <number>

Configuring authentication-method lists for TACACS
and TACACS+

You can use TACACS and TACACS+ to authenticate Telnet/SSH access and access to Privileged
EXEC level and CONFIG levels of the CLI. When configuring TACACS and TACACS+ authentication,
you create authentication-method lists specifically for these access methods, specifying TACACS
and TACACS+ as the primary authentication method.

Within the authentication-method list, TACACS and TACACS+ is specified as the primary
authentication method and up to six backup authentication methods are specified as alternates. If
TACACS and TACACS+ authentication fails due to an error, the device tries the backup
authentication methods in the order they appear in the list.

When you configure authentication-method lists for TACACS and TACACS+ authentication, you must
create a separate authentication-method list for Telnet/SSH CLI access, and for access to the
Privileged EXEC level and CONFIG levels of the CLI.

To create an authentication-method list that specifies TACACS and TACACS+ as the primary
authentication method for securing Telnet/SSH access to the CLI.

BigIron RX(config)# enable telnet authentication

BigIron RX(config)# aaa authentication login default tacacs local

The commands above cause TACACS and TACACS+ to be the primary authentication method for
securing Telnet/SSH access to the CLI. If TACACS and TACACS+ authentication fails due to an error
with the server, authentication is performed using local user accounts instead.

To create an authentication-method list that specifies TACACS and TACACS+ as the primary
authentication method for securing access to Privileged EXEC level and CONFIG levels of the CLI.

BigIron RX(config)# aaa authentication enable default tacacs local none