Security
ExtremeWare XOS 11.3 Concepts Guide
332
Do not use the encrypted keyword to set the shared secret. The encrypted keyword is primarily for
the output of the
show configuration command, so the shared secret is not revealed in the command
output.
Enabling and Disabling TACACS+
After server information is entered, you can start and stop TACACS+ authentication as many times as
necessary without needing to reconfigure server information.
To enable TACACS+ authentication, use the following command:
enable tacacs
To disable TACACS+ authentication, use the following command:
disable tacacs
TACACS+ Configuration Example
This section provides a sample TACACS+ server configuration.
The following example:
â—Ź Configures the primary TACACS+ server
â—Ź Configures the shared secret for the primary TACACS+ server
â—Ź Configures the secondary TACACS+ server
â—Ź Configures the shared secret for the secondary TACACS+ server
â—Ź Enables TACACS+ on the switch
All other settings use the default settings as described earlier in this section or in the ExtremeWare XOS
Command Reference Guide.
configure tacacs primary server 10.201.31.238 client-ip 10.201.31.85 vr "VR-Default"
configure tacacs primary shared-secret purple
configure tacacs secondary server 10.201.31.235 client-ip 10.201.31.85 vr "VR-Default"
configure tacacs secondary shared-secret purple
enable tacacs
To display the TACACS+ server settings, use the show tacacs command. The following is sample
output from this command:
TACACS+: enabled
TACACS+ Authorization: disabled
TACACS+ Accounting : disabled
TACACS+ Server Connect Timeout sec: 3
Primary TACACS+ Server:
Server name :
IP address : 10.201.31.238
Server IP Port: 49
Client address: 10.201.31.85 (VR-Default)
Shared secret : purple
Secondary TACACS+ Server:
Server name :
IP address : 10.201.31.235
To Next Page
Loading...
Need help?
General
