Foundry Networks Switch and Router User Manual

Foundry Switch and Router Installation and Configuration Guide
3 - 22 December 2000
TACACS/TACACS+ Configuration Considerations
You must deploy at least one TACACS/TACACS+ server in your network.
Foundry devices support authentication using up to eight TACACS/TACACS+ servers. The device tries to
use the servers in the order you add them to the device's configuration.
You can select only one primary authentication method for each type of access to a device (CLI through
Telnet, CLI Privileged EXEC and CONFIG levels). For example, you can select TACACS+ as the primary
authentication method for Telnet CLI access, but you cannot also select RADIUS authentication as a primary
method for the same type of access. However, you can configure backup authentication methods for each
access type.
You can configure the Foundry device to authenticate using a TACACS or TACACS+ server, not both.
TACACS Configuration Procedure
For TACACS configurations, use the following procedure:
1. Identify TACACS servers. See Identifying the TACACS/TACACS+ Servers on page 3-22.
2. Set optional parameters. See Setting Optional TACACS/TACACS+ Parameters on page 3-23.
3. Configure authentication-method lists. See Configuring Authentication-Method Lists for TACACS/
TACACS+ on page 3-24.
TACACS+ Configuration Procedure
For TACACS+ configurations, use the following procedure:
1. Identify TACACS+ servers. See Identifying the TACACS/TACACS+ Servers on page 3-22.
2. Set optional parameters. See Setting Optional TACACS/TACACS+ Parameters on page 3-23.
3. Configure authentication-method lists. See Configuring Authentication-Method Lists for TACACS/
TACACS+ on page 3-24.
4. Optionally configure TACACS+ authorization. See Configuring TACACS+ Authorization on page 3-25.
5. Optionally configure TACACS+ accounting. See Configuring TACACS+ Accounting on page 3-27.
Identifying the TACACS/TACACS+ Servers
To use TACACS/TACACS+ servers to authenticate access to a Foundry device, you must identify the servers to
the Foundry device.
For example, to identify three TACACS/TACACS+ servers, enter commands such as the following:
BigIron(config)# tacacs-server host 207.94.6.161
BigIron(config)# tacacs-server host 207.94.6.191
BigIron(config)# tacacs-server host 207.94.6.122
Syntax: tacacs-server host <ip-addr>|<hostname> [auth-port <number>]
The <ip-addr>|<hostname> parameter specifies the IP address or host name of the server. You can enter up to
eight tacacs-server host commands to specify up to eight different servers.
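An added example, not taken from the Foundry manual: a Python check that reads the tacacs-server host lines from a saved configuration or pasted CLI session and reports them against the limits stated above (at most eight servers, tried in the order configured). The sample configuration, the function names, and the duplicate, address-format and port-range checks are assumptions made for this illustration.

```python
import ipaddress
import re

MAX_SERVERS = 8  # limit stated in the manual text above

# Constructed sample; not output captured from a real device.
SAMPLE_CONFIG = """\
tacacs-server host 207.94.6.161
tacacs-server host 207.94.6.191 auth-port 49
tacacs-server host 207.94.6.122
tacacs-server host 207.94.6.191
"""

# Accepts an optional CLI prompt such as "BigIron(config)# " before the command.
HOST_RE = re.compile(
    r"^\s*(?:\S+#\s*)?tacacs-server\s+host\s+(\S+)(?:\s+auth-port\s+(\S+))?\s*$")


def parse_tacacs_hosts(config_text):
    """Return (server, auth_port or None) tuples in configuration order."""
    hosts = []
    for line in config_text.splitlines():
        m = HOST_RE.match(line)
        if m:
            hosts.append((m.group(1), m.group(2)))
    return hosts


def audit_tacacs_hosts(config_text):
    """Return a list of findings for the tacacs-server host entries."""
    hosts = parse_tacacs_hosts(config_text)
    findings = []
    if not hosts:
        findings.append("no tacacs-server host configured")
    if len(hosts) > MAX_SERVERS:
        findings.append(f"{len(hosts)} servers configured, limit is {MAX_SERVERS}")
    seen = set()
    for position, (server, port) in enumerate(hosts, start=1):
        if server in seen:
            findings.append(f"entry {position}: duplicate server {server}")
        seen.add(server)
        # Dotted numeric values must be valid IPv4; anything else is a host name.
        if re.fullmatch(r"[\d.]+", server):
            try:
                ipaddress.IPv4Address(server)
            except ValueError:
                findings.append(f"entry {position}: invalid IP address {server}")
        if port is not None and not (port.isdigit() and 1 <= int(port) <= 65535):
            findings.append(f"entry {position}: invalid auth-port {port}")
    return findings
```

Because the device tries servers in the order they were added, the position reported in each finding is also the position in the fallback sequence.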
User Action: User enters other commands
Applicable AAA Operations:
Command authorization (TACACS+):
aaa authorization commands <privilege-level> default <method-list>
Command accounting (TACACS+):
aaa accounting commands <privilege-level> default start-stop <method-list>
