Brocade Mobility RFS Controller CLI Reference Guide (Supporting software release 5.5.0.0 and later) User Manual
Page 1270
1262
Brocade Mobility RFS Controller CLI Reference Guide
53-1003098-01
26
authorization server <1-2> retry-timeout-factor <50-200>
authorization server <1-2> timeout <3-5> {attempts <1-3>}
authorization server preference
[authenticated-server-host|authenticated-server-number|none]
Example
rfs7000-37FABE(config-aaa-tacacs-policy-test)#authorization
allow-privileged-commands
rfs7000-37FABE(config-aaa-tacacs-policy-test)#show context
aaa-tacacs-policy test
authentication directed-request
accounting server preference authorized-server-number
authorization allow-privileged-commands
accounting auth-fail
accounting commands
secret [0 <SECRET>|
2 <SECRET>|<SECRET>]
Optional. Configures the secret used to authorize with the TACACS server
•
0 <SECRET> – Configures a clear text secret
•
2 <SECRET> – Configures an encrypted secret
•
<SECRET> – Specify the secret key. The shared key should not exceed 127 characters.
port <1-65535>
Optional. Specifies the port used to connect to the TACACS server
•
<1-65535> – Specify a value for the TCP authorization port from 1 - 65535. The default port is 49.
server <1-2>
Configures a TACACS authorization server. Up to 2 TACACS servers can be configured
•
<1-2> – Specify the TACACS server index from 1 - 2.
retry-timeout-factor
<50-200>
Configures the scaling of timeouts between consecutive TACACS authorization retries
•
<50-200> – Specify the scaling factor from 50 - 200. The default is 100.
A value of 100 indicates the interval between consecutive retires remains the same irrespective of the
number of retries.
A value lesser than 100 indicates the interval between consecutive retries reduces with each successive
retry.
A value greater than 100 indicates the interval between consecutive retries
increases with each successive retry.
server <1-2>
Configures a TACACS authorization server. Up to 2 TACACS servers can be configured
•
<1-2> – Specify the TACACS server’s index from 1- 2.
timeout <3-5>
Configures the timeout, in seconds, for each request sent to the TACACS server. This is the time allowed
to elapse before another request is sent to the TACACS server. If a response is received from the TACACS
server within this time, no retry is attempted.
•
<3-5> – Specify a value from 3 - 5 seconds. The default is 3 seconds.
attempts <1-3>
Optional. Indicates the number of retry attempts to make before giving up
•
<1-3> – Specify a value from 1 - 3. The default is 3.
preference
Configures the authorization server preference
authenticated-server-host
Sets the authentication server as the authorization server
This parameter indicates the same server is used for authentication and authorization+. The server is
referred to by its hostname.
authenticated-server-number
Sets the authentication server as the authorization server
This parameter indicates the same server is used for authentication and authorization. The server is
referred to by its index or number.
none
Indicates the authorization server is independent of the authentication