Fixed Switch Configuration Guide 26-11
TACACS+
TACACS+ (Terminal Access Controller Access-Control System Plus) is a security protocol
developed by Cisco Systems that can be used as an alternative to the standard RADIUS security
protocol (RFC 2865). TACACS+ runs over TCP and encrypts the body of each packet.
Based on the now obsolete TACACS protocol (defined in RFC 1492), TACACS+ is defined in an
unpublished and expired Internet Draft draft-grant-tacacs-02.txt, “The TACACS+ Protocol Version
1.78,” January, 1997.
TACACS+ provides the following services:
• User authentication
• User authorization
• Accounting (user activity)
You can configure the TACACS+ client on your Enterasys device in conjunction with one or more
TACACS+ access servers to provide authentication, authorization, or accounting services on your
network. Each of the TACACS+ services can be implemented on separate servers.
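What "encrypts the body of each packet" means on the wire, as an added example (not code from this guide or from Enterasys): the 12-byte header travels in cleartext and only the body is XORed with an MD5-derived pad keyed by the shared secret, as the TACACS+ draft describes. The key, session ID and body bytes are constructed sample values, and the function names are this example's own.

```python
import hashlib
import struct

HEADER = struct.Struct("!BBBBII")  # version, type, seq_no, flags, session_id, length
UNENCRYPTED_FLAG = 0x01            # set in flags when the body is sent in the clear


def pseudo_pad(session_id: bytes, key: bytes, version: int, seq_no: int, n: int) -> bytes:
    """MD5 chain: each 16-byte block hashes the seed plus the previous block."""
    seed = session_id + key + bytes([version, seq_no])
    pad, block = b"", b""
    while len(pad) < n:
        block = hashlib.md5(seed + block).digest()
        pad += block
    return pad[:n]


def transform_body(header: bytes, body: bytes, key: bytes) -> bytes:
    """XOR the body with the pad; the same call encrypts and decrypts."""
    version, _type, seq_no, flags, _sid, _len = HEADER.unpack(header)
    if flags & UNENCRYPTED_FLAG:
        return body
    pad = pseudo_pad(header[4:8], key, version, seq_no, len(body))
    return bytes(b ^ p for b, p in zip(body, pad))


def build_packet(version, ptype, seq_no, flags, session_id, body, key) -> bytes:
    header = HEADER.pack(version, ptype, seq_no, flags, session_id, len(body))
    return header + transform_body(header, body, key)


def parse_packet(packet: bytes, key: bytes):
    """Return (header fields, cleartext body); reject truncated or padded packets."""
    if len(packet) < HEADER.size:
        raise ValueError("shorter than the 12-byte header")
    header, body = packet[:HEADER.size], packet[HEADER.size:]
    fields = HEADER.unpack(header)
    if fields[5] != len(body):
        raise ValueError("length field does not match body size")
    return fields, transform_body(header, body, key)


# Constructed sample values (not from the guide); the body is placeholder bytes,
# not a real authentication START message.
SAMPLE_KEY = b"constructed-shared-secret"
SAMPLE_BODY = b"constructed body: user=alice port=tty0 rem_addr=192.0.2.10"
SAMPLE_PACKET = build_packet(0xC0, 0x01, 1, 0x00, 0x1A2B3C4D, SAMPLE_BODY, SAMPLE_KEY)

if __name__ == "__main__":
    print("on the wire:", SAMPLE_PACKET.hex())
    print("decoded    :", parse_packet(SAMPLE_PACKET, SAMPLE_KEY))
```

The transform carries no integrity check, so a mismatched shared secret between client and server yields an unreadable body rather than an explicit error.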
Procedure 26-3 MAC Locking Configuration (continued)

7. Optionally, enable the aging of first arrival MAC addresses on a port or ports.
   Use either the set maclock agefirstarrival disable or clear maclock firstarrival
   commands to disable aging.
   Command(s):
       set maclock agefirstarrival port-string enable

8. Optionally, disable clearing of dynamic MAC addresses on link change.
   Use either the set maclock clearonlinkchange enable or clear maclock clearonlinkchange
   commands to enable clearing on link loss.
   Command(s):
       set maclock clearonlinkchange port-string disable

9. Optionally, move all current first arrival MACs to static entries.
   Command(s):
       set maclock move port-string

10. Optionally, configure MAC locking notifications.
   Command(s):
       set maclock trap port-string {enable | disable} [threshold | violation]
       set maclock syslog port-string {disable | enable} [threshold | violation]

11. Optionally, enable port shutdown when the first arrival threshold has been exceeded.
   Use the clear maclock disable-port command to disable port shutdown.
   Command(s):
       set maclock disable-port port-string
       clear maclock disable-port port-string

12. Clear ports disabled due to a MAC lock violation.
   Command(s):
       clear maclock violation disabled-port port-string

13. Display MAC locking information.
   Command(s):
       show maclock [port-string]
       show maclock stations [firstarrival | static] [port-string]