Allied Telesis AT-S63 User Manual
Page 768
Chapter 34: TACACS+ and RADIUS Protocols
768
Section VII: Management Security
prompt and enter the encryption secret using the TAC Global Secret
parameter.
However, if you are specifying only one TACACS+ server or if the
servers have difference encryption secrets, then respond with Yes to
this prompt. You will see:
Enter per-server secret [max 40 characters] ->
Use this prompt to enter the encryption secret for the TACACS+ server
whose IP address you are specifying.
4 - TAC Server Order
Use this selection to indicate the order in which you want the switch to
query the TACACS+ servers for logon authentication. Of course, you
can skip this option if you specified only one IP address. The default is
1, 2, and 3, in that order.
5 - TAC Global Secret
If all of the TACACS+ servers have the same encryption secret, rather
then entering the same secret when you enter the IP addresses, you
can use this option to enter the secret only once.
3 - TAC Timeout
This parameter specifies the maximum amount of time the switch waits
for a response from a TACACS+ server before assuming the server is
not responding. If the timeout expires and the server has not
responded, the switch queries the next TACACS+ server in the list. If
there are no more servers, the switch defaults to the standard
Manager and Operator accounts. The default is 30 seconds. The
range is 1 to 300 seconds.
5. After you have finished configuring the parameters in the TACACS+
Client Configuration menu, type R to return to the Authentication
Configuration menu, shown in Figure 269 on page 765.
6. From the Authentication Configuration menu, type 1 to select Server-
based Authentication.
The following prompt is displayed:
Server Based User Authentication (E-Enabled,
D-Disabled) ->
7. Type E to enable server-based authentication on the switch.
8. The TACACS+ client software is now active on the switch.
9. After making changes, type R until you return to the Main Menu. Then
type S to select Save Configuration Changes.