3 tacacs-server nas-ipv4, 4 tacacs-server timeout, 5 debug tacacs-server – PLANET XGS3-24040 User Manual

Page 781: Tacacs, Server nas, Server timeout, Debug tacacs, Server

Advertising
background image

Commands for Security Function Chapter 6 Commands for TACACS+

46-2

Example: Configure test as the TACACS+ server authentication key.

Switch(config)# tacacs-server key test

46.3 tacacs-server nas-ipv4

Command: tacacs-server nas-ipv4 <ip-address>

no tacacs-server nas-ipv4

Function: Configure the source IP address of TACACS+ packet sent by the switch; the “no

tacacs-server nas-ipv4” command deletes the configuration.

Parameter: <ip-address> is the source IP address of TACACS+ packet, in dotted decimal notation, it

must be a valid unicast IP address.

Default: No specific source IP address for TACACS+ packet is configured, the IP address of the interface

from which the TACACS+ packets are sent is used as source IP address of TACACS+ packet.

Command Mode: Global Mode

Usage Guide: The source IP address must belongs to one of the IP interface of the switch, otherwise an

failure message of binding IP address will be returned when the switch send TACACS+ packet. We

suggest using the IP address of loopback interface as source IP address, it avoids that the packets from

TACACS+ server are dropped when the interface link-down.

Example: Configure the source ip address of TACACS+ packet as 192.168.2.254.

Switch#tacacs-server nas-ipv4 192.168.2.254

46.4 tacacs-server timeout

Command: tacacs-server timeout <seconds>

no tacacs-server timeout

Function: Configure a TACACS+ server authentication timeout timer; the “no tacacs-server timeout

command restores the default configuration.

Parameter: <seconds> is the value of TACACS+ authentication timeout timer, shown in seconds and

the valid range is 1~60.

Command Mode: Global Mode

Default: 3 seconds by default.

Usage Guide: The command specifies the period the switch wait for the authentication through

TACACS+ server. When connected to the TACACS+, and after sent the authentication query data packet

to the TACACS+ server, the switch waits for the response. If no replay is received during specified period,

the authentication is considered failed.

Example: Configure the timeout timer of the tacacs+ server to 30 seconds.

Switch(config)# tacacs-server timeout 30

46.5 debug tacacs-server

Command: debug tacacs-server

no debug tacacs-server

Advertising
Popular Brands
Popular manuals