
Brocade ICX 6650 Security Configuration Guide

33

53-1002601-01

TACACS and TACACS+ security

Setting the TACACS+ key

The key parameter in the tacacs-server command is used to encrypt TACACS+ packets before they
are sent over the network. The value for the key parameter on the Brocade device should match the
one configured on the TACACS+ server. The key can be from 1 – 32 characters in length and cannot
include any space characters.

NOTE

The tacacs-server key command applies only to TACACS+ servers, not to TACACS servers. If you are
configuring TACACS, do not configure a key on the TACACS server and do not enter a key on the
Brocade device.

To specify a TACACS+ server key, enter a command such as the following.

Brocade(config)# tacacs-server key rkwong

Syntax: tacacs-server key [0 | 1] string

When you display the configuration of the Brocade device, the TACACS+ keys are encrypted. For
example:

Brocade(config)# tacacs-server key 1 abc
Brocade(config)# write terminal
...
tacacs-server host 10.2.3.5 auth-port 49
tacacs key 1 $!2d

NOTE

Encryption of the TACACS+ keys is done by default. The 0 parameter disables encryption. The 1
parameter is not required; it is provided for backwards compatibility.

Setting the retransmission limit

The retransmit parameter specifies how many times the Brocade device will resend an
authentication request when the TACACS/TACACS+ server does not respond. The retransmit limit
can be from 1 – 5 times. The default is 3 times.

To set the TACACS and TACACS+ retransmit limit, enter a command such as the following.

Brocade(config)# tacacs-server retransmit 5

Syntax: tacacs-server retransmit number

Setting the timeout parameter

The timeout parameter specifies how many seconds the Brocade device waits for a response from
the TACACS/TACACS+ server before either retrying the authentication request, or determining that
the TACACS/TACACS+ server is unavailable and moving on to the next authentication method in the
authentication-method list. The timeout can be from 1 – 15 seconds. The default is 3 seconds.

Brocade(config)# tacacs-server timeout 5

Syntax: tacacs-server timeout number
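The three settings above share a small set of rules (key of 1 to 32 characters with no spaces, stored encrypted unless prefixed with 0; retransmit 1 to 5, default 3; timeout 1 to 15, default 3). The following added example, which is not part of the Brocade guide, audits a saved configuration dump against those rules and estimates how long a device waits on one unresponsive server. The sample config lines and the function names are constructed for illustration; the failover estimate assumes one initial request plus `retransmit` resends, which the page does not state explicitly.

```python
import re

# Limits and defaults as stated on this manual page.
KEY_LEN = (1, 32)
RETRANSMIT_RANGE, RETRANSMIT_DEFAULT = (1, 5), 3
TIMEOUT_RANGE, TIMEOUT_DEFAULT = (1, 15), 3

# Constructed sample of a weak configuration (not captured from a real device).
SAMPLE_CONFIG = """\
tacacs-server host 10.2.3.5 auth-port 49
tacacs-server key 0 shared secret
tacacs-server retransmit 9
tacacs-server timeout 20
"""

def audit_tacacs_config(config_text):
    """Return a list of findings for the TACACS+ settings in a config dump."""
    findings = []
    key_seen = False
    for line in config_text.splitlines():
        line = line.strip()
        # Key line: the optional 0/1 prefix marks plaintext (0) or encrypted (1) storage.
        # 'write terminal' output abbreviates the command as 'tacacs key', so accept both.
        m = re.match(r"tacacs(?:-server)? key(?: ([01]))? (.+)$", line)
        if m:
            key_seen = True
            prefix, key = m.group(1), m.group(2)
            if prefix == "0":
                findings.append("key stored with '0': encryption disabled")
            if prefix != "1":  # an encrypted display string cannot be checked as plaintext
                if " " in key:
                    findings.append("key contains a space character")
                if not KEY_LEN[0] <= len(key) <= KEY_LEN[1]:
                    findings.append("key length outside 1-32 characters")
            continue
        m = re.match(r"tacacs-server (retransmit|timeout) (\d+)$", line)
        if m:
            name, value = m.group(1), int(m.group(2))
            low, high = RETRANSMIT_RANGE if name == "retransmit" else TIMEOUT_RANGE
            if not low <= value <= high:
                findings.append(f"{name} {value} outside {low}-{high}")
    if not key_seen:
        findings.append("no tacacs-server key configured")
    return findings

def worst_case_failover_seconds(timeout=TIMEOUT_DEFAULT, retransmit=RETRANSMIT_DEFAULT):
    """Seconds before the device gives up on one silent server (assumption:
    one initial request plus 'retransmit' resends, each waiting 'timeout')."""
    return timeout * (1 + retransmit)
```

With the page's defaults the estimate is 12 seconds per server before the device moves to the next authentication method.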
