Configuring TACACS+ Authentication – Blade ICE G8000 User Manual

RackSwitch G8000 Application Guide

Chapter 1: Accessing the Switch

BMD00041, November 2008

When TACACS+ Command Logging is enabled, Blade OS configuration commands are
logged on the TACACS+ server. Use the following command to enable TACACS+
Command Logging:

    RS G8000 (config)# tacacs-server command-logging

The following examples illustrate the format of Blade OS commands sent to the TACACS+
server:

    authorization request, cmd=shell, cmd-arg=interface ip
    accounting request, cmd=shell, cmd-arg=interface ip
    authorization request, cmd=shell, cmd-arg=enable
    accounting request, cmd=shell, cmd-arg=enable

Configuring TACACS+ Authentication

1. Configure the Primary and Secondary TACACS+ servers, and enable TACACS
authentication.

    RS G8000 (config)# tacacs-server primary-host 10.10.1.1
    RS G8000 (config)# tacacs-server secondary-host 10.10.1.2
    RS G8000 (config)# tacacs-server enable

2. Configure the TACACS+ secret and second secret.

    RS G8000 (config)# tacacs-server primary-host 10.10.1.1 key <1-32 character secret>
    RS G8000 (config)# tacacs-server secondary-host 10.10.1.2 key <1-32 character secret>

3. If desired, you may change the default TCP port number used to listen to TACACS+.
The well-known port for TACACS+ is 49.

    RS G8000 (config)# tacacs-server port <TCP port number>

4. Configure the number of retry attempts, and the timeout period.

    RS G8000 (config)# tacacs-server retransmit 3
    RS G8000 (config)# tacacs-server timeout 5
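The following Python script is an added example, not part of the BLADE manual: it audits a saved list of TACACS+ commands against steps 1 to 4 and the command-logging setting above. The function name `audit_tacacs` and the sample text are constructed, and it assumes each line has the same form as the commands shown on this page; actual configuration dump output from the switch may differ.

```python
import re

# Assumption: each line has the same form as the commands typed in steps 1-4
# (optionally with the "RS G8000 (config)#" prompt); real dump output may differ.
PROMPT = re.compile(r"^RS G8000 \(config\)#\s*")
HOST = re.compile(r"^tacacs-server (primary|secondary)-host (\S+)(?: key (\S+))?$")


def audit_tacacs(config_text):
    """Return a sorted list of findings for the TACACS+ lines in config_text."""
    hosts, keys, flags = {}, {}, set()
    for raw in config_text.splitlines():
        line = PROMPT.sub("", raw.strip())
        m = HOST.match(line)
        if m:
            role, addr, key = m.groups()
            hosts[role] = addr
            if key is not None:
                keys[role] = key
        elif line in ("tacacs-server enable", "tacacs-server command-logging"):
            flags.add(line.split()[1])

    findings = []
    if "enable" not in flags:
        findings.append("TACACS+ authentication is not enabled")
    if "command-logging" not in flags:
        findings.append("command logging is not enabled")
    for role in ("primary", "secondary"):
        if role not in hosts:
            findings.append(f"no {role} host configured")
        elif role not in keys:
            findings.append(f"{role} host {hosts[role]} has no secret")
        elif not 1 <= len(keys[role]) <= 32:
            findings.append(f"{role} secret is not 1-32 characters")
    return sorted(findings)


# Constructed sample: secondary host was added without a key, logging left off.
SAMPLE = """\
RS G8000 (config)# tacacs-server primary-host 10.10.1.1
RS G8000 (config)# tacacs-server secondary-host 10.10.1.2
RS G8000 (config)# tacacs-server enable
RS G8000 (config)# tacacs-server primary-host 10.10.1.1 key constructed-secret
RS G8000 (config)# tacacs-server retransmit 3
RS G8000 (config)# tacacs-server timeout 5
"""

if __name__ == "__main__":
    for finding in audit_tacacs(SAMPLE):
        print(finding)
```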
