Authenticating Users Using RADIUS or TACACS+
ExtremeWare XOS 11.3 Concepts Guide
333
Server IP Port: 49
Client address: 10.201.31.85 (VR-Default)
Shared secret : purple
TACACS+ Acct Server Connect Timeout sec: 3
Primary TACACS+ Accounting Server:Not configured
Secondary TACACS+ Accounting Server:Not configured
Configuring TACACS+ Accounting
Extreme Networks switches are capable of sending TACACS+ accounting information. As with
TACACS+ authentication, you can specify two servers for receipt of accounting information.
To specify TACACS+ accounting servers, use the following command:
configure tacacs-accounting [primary | secondary] server [<ipaddress> | <hostname>]
{<udp_port>} client-ip <ipaddress> {vr <vr_name>}
To configure the primary TACACS+ accounting server, specify primary. To configure the secondary
TACACS+ accounting server, specify
secondary.
Configuring the TACACS+ Accounting Timeout Value
To configure the timeout if a server fails to respond, use the following command:
configure tacacs-accounting timeout <seconds>
To detect and recover from a TACACS+ accounting server failure when the timeout has expired, the
switch makes one authentication attempt before trying the next designated TACACS+ accounting server
or reverting to the local database for authentication. In the event that the switch still has IP connectivity
to the TACACS+ accounting server, but a TCP session cannot be established, (such as a failed TACACS+
daemon on the accounting server), fail over happens immediately regardless of the configured timeout
value.
For example, if the timeout value is set for 3 seconds (the default value), it takes 3 seconds to fail over
from the primary TACACS+ accounting server to the secondary TACACS+ accounting server. If both
the primary and the secondary servers fail or are unavailable, it takes approximately 6 seconds to revert
to the local database for authentication.
Configuring the Shared Secret Password for TACACS+ Accounting Servers
TACACS+ accounting also uses the shared secret password mechanism to validate communication
between network access devices and TACACS+ accounting servers.
To specify shared secret passwords for TACACS+ accounting servers, use the following command:
configure tacacs-accounting [primary | secondary] shared-secret {encrypted} <string>
To configure the primary TACACS+ accounting server, specify primary. To configure the secondary
TACACS+ accounting server, specify
secondary.
Do not use the
encrypted keyword to set the shared secret. The encrypted keyword is primarily for
the output of the
show configuration command, so the shared secret is not revealed in the command
output.
To Next Page
Loading...
Need help?
General
