Tacacs/tacacs+ configuration considerations, Configuring tacacs – Brocade Communications Systems Brocade ICX 6650 6650 User Manual

Page 50

Advertising

Brocade ICX 6650 Security Configuration Guide

53-1002601-01

TACACS and TACACS+ security

When you paste commands into the running-config, and AAA command authorization or
accounting, or both, are configured on the device, AAA operations are performed on the pasted
commands. The AAA operations are performed before the commands are actually added to the
running-config. The server performing the AAA operations should be reachable when you paste the
commands into the running-config file. If the device determines that a pasted command is invalid,
AAA operations are halted on the remaining commands. The remaining commands may not be
executed if command authorization is configured.

TACACS/TACACS+ configuration considerations

•

You must deploy at least one TACACS/TACACS+ server in your network.

•

Brocade devices support authentication using up to eight TACACS/TACACS+ servers. The
device tries to use the servers in the order you add them to the device configuration.

•

You can select only one primary authentication method for each type of access to a device (CLI
through Telnet, CLI Privileged EXEC and CONFIG levels). For example, you can select TACACS+
as the primary authentication method for Telnet CLI access, but you cannot also select RADIUS
authentication as a primary method for the same type of access. However, you can configure
backup authentication methods for each access type.

•

You can configure the Brocade device to authenticate using a TACACS or TACACS+ server, not
both.

Configuring TACACS

Follow the procedure given below for TACACS configurations.

1. Identify TACACS servers. Refer to

“Identifying the TACACS/TACACS+ servers”

on page 31.

2. Set optional parameters. Refer to

“Setting optional TACACS and TACACS+ parameters”

page 32.

3. Configure authentication-method lists. Refer to

“Configuring authentication-method lists for