Setting the TACACS+ key, Setting the retransmission limit – Brocade BigIron RX Series Configuration Guide User Manual


BigIron RX Series Configuration Guide

53-1002484-04

Configuring TACACS and TACACS+ security


Retransmit interval – This parameter specifies how many times the Brocade device will resend
an authentication request when the TACACS and TACACS+ server does not respond. The
retransmit value can be from 1 – 5 times. The default is 3 times.

Dead time – This parameter specifies how long the Brocade device waits for the primary
authentication server to reply before deciding the server is dead and trying to authenticate
using the next server. The dead-time value can be from 1 – 5 seconds. The default is 3
seconds.

Timeout – This parameter specifies how many seconds the Brocade device waits for a
response from a TACACS and TACACS+ server before either retrying the authentication request,
or determining that the TACACS and TACACS+ servers are unavailable and moving on to the
next authentication method in the authentication-method list. The timeout can be from 1 – 15
seconds. The default is 3 seconds.

Setting the TACACS+ key

The key parameter in the tacacs-server command is used to encrypt TACACS+ packets before they
are sent over the network. The value for the key parameter on the device should match the one
configured on the TACACS+ server. The key can be from 1 – 32 characters in length and cannot
include any space characters.

NOTE

The tacacs-server key command applies only to TACACS+ servers, not to TACACS servers. If you are
configuring TACACS, do not configure a key on the TACACS server and do not enter a key on the
device.

To specify a TACACS+ server key, enter the following command.

BigIron RX(config)# tacacs-server key rkwong

Syntax: tacacs-server key [0 | 1] <string>

When you display the configuration of the device, the TACACS+ keys are encrypted.

BigIron RX(config)# tacacs-server key 1 abc
BigIron RX(config)# write terminal
...
tacacs-server host 1.2.3.5 auth-port 49
tacacs key 1 $!2d

NOTE

Encryption of the TACACS+ keys is done by default. The 0 parameter disables encryption. The 1
parameter is not required; it is provided for backwards compatibility.

Setting the retransmission limit

The retransmit parameter specifies how many times the device will resend an authentication
request when the TACACS and TACACS+ server does not respond. The retransmit limit can be from
1 – 5 times. The default is 3 times.

To set the TACACS and TACACS+ retransmit limit, enter the following command.

BigIron RX(config)# tacacs-server retransmit 5

Syntax: tacacs-server retransmit <number>
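
The following is an added example, not part of the Brocade guide: a Python check that lints a configuration snippet against the limits stated on this page (key of 1 – 32 characters with no spaces, the 0 parameter disabling encryption of the displayed key, retransmit limit of 1 – 5). The function name audit_tacacs and the sample lines are constructed for illustration.

```python
import re

PROMPT_RE = re.compile(r"^.*?\(config\)#\s*")  # CLI prompt as printed on this page
KEY_RE = re.compile(r"^tacacs(?:-server)? key(?: ([01]))? (.+)$")
RETX_RE = re.compile(r"^tacacs-server retransmit (\S+)$")

# Constructed sample input; the keys are placeholders, not real secrets.
SAMPLE = """\
tacacs-server host 1.2.3.5 auth-port 49
tacacs-server key 0 ExampleKey-constructed
tacacs-server key this-constructed-key-is-longer-than-32-chars
tacacs key 1 $!2d
tacacs-server retransmit 9
tacacs-server retransmit 5
"""

def audit_tacacs(config_text):
    """Return (line_number, finding) tuples for key and retransmit lines."""
    findings = []
    for num, raw in enumerate(config_text.splitlines(), start=1):
        line = PROMPT_RE.sub("", raw.strip())  # accept pasted CLI sessions too
        key = KEY_RE.match(line)
        retx = RETX_RE.match(line)
        if key:
            mode, value = key.groups()
            if mode == "0":
                findings.append((num, "key 0: encryption of the displayed key is disabled"))
            # With "1" the string may be the encrypted form shown by
            # "write terminal", so the length rule is checked only otherwise.
            if mode != "1":
                if not 1 <= len(value) <= 32:
                    findings.append((num, "key must be 1-32 characters long"))
                if any(ch.isspace() for ch in value):
                    findings.append((num, "key cannot include space characters"))
        elif retx:
            count = retx.group(1)
            if not (count.isdigit() and 1 <= int(count) <= 5):
                findings.append((num, "retransmit limit must be from 1 to 5"))
    return findings

if __name__ == "__main__":
    for num, finding in audit_tacacs(SAMPLE):
        print(f"line {num}: {finding}")
```
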
