Configuration Commands 86
Table 79 TACACS+ Server Configuration commands
Command Description
[no] tacacs-server telnet-backdoor
Enables or disables the TACACS+ back door for telnet. The
telnet command also applies to SSH/SCP connections and the
Browser-based Interface (BBI). This command does not apply when
secure backdoor (
secbd) is enabled.
Command mode: Global configuration
[no] tacacs-server secure-backdoor
Enables or disables the TACACS+ back door using secure
password for telnet/SSH/ HTTP/HTTPS. This command does not
apply when backdoor (telnet) is
enabled.
Command mode: Global configuration
[no] tacacs-server privilege-mapping
Enables or disables TACACS+ privilege-level mapping.
The default value is
disabled.
Command mode: Global configuration
tacacs-server user-mapping {<0-15>
user|oper|admin}
Maps a TACACS+ authorization level to a GbE2c user level. Enter
a TACACS+ privilege level (0-15), followed by the corresponding
GbE2c user level (user, oper, admin).
Command mode: Global configuration
tacacs-server enable
Enables the TACACS+ server.
Command mode: Global configuration
no tacacs-server enable
Disables the TACACS+ server.
Command mode: Global configuration
show tacacs-server
Displays current TACACS+ configuration parameters.
Command mode: All
IMPORTANT: If TACACS+ is enabled, you must login using TACACS+ authentication when connecting via the
console or Telnet/SSH/HTTP/HTTPS. Backdoor for console is always enabled, so you can connect using
notacacs and the administrator password even if the backdoor (telnet) or secure backdoor (secbd) are
disabled.
If Telnet backdoor is enabled (telnet ena), type in notacacs as a backdoor to bypass TACACS+
checking, and use the administrator password to log into the switch. The switch allows this even if TACACS+
servers are available.
If secure backdoor is enabled (secbd ena), type in notacacs as a backdoor to bypass TACACS+ checking,
and use the administrator password to log into the switch. The switch allows this only if TACACS+ servers are
not available.
NTP server configuration
These commands enable you to synchronize the switch clock to a Network Time Protocol (NTP) server. By default, this
option is disabled.
The following table describes the NTP Server Configuration commands.
Table 80 NTP Server Configuration commands
Command Description
[no] ntp prisrv <IP address>
Prompts for the IP addresses of the primary NTP server to which you
want to synchronize the switch clock. For example, 100.10.1.1
Command mode: Global configuration
[no] ntp secsrv <IP address>
Prompts for the IP addresses of the secondary NTP server to which you
want to synchronize the switch clock. For example, 100.10.1.2
Command mode: Global configuration
ntp interval <1-44640>
Specifies the interval, in minutes (1-44640), to resynchronize the switch
clock with the NTP server. The default is 1440 seconds.
Command mode: Global configuration
To Next Page
Loading...
Need help?
General