IBM RackSwitch G8000 User Manual

© Copyright IBM Corp. 2011 Chapter 5. Authentication & Authorization Protocols 69
2. Configure the TACACS+ secret and second secret.

   RS G8000(config)# tacacs-server primary-host 10.10.1.1 key <1-32 character secret>
   RS G8000(config)# tacacs-server secondary-host 10.10.1.2 key <1-32 character secret>

3. If desired, you may change the default TCP port number used to listen to TACACS+. The well-known port for TACACS+ is 49.

   RS G8000(config)# tacacs-server port <TCP port number>

4. Configure the number of retry attempts, and the timeout period.

   RS G8000(config)# tacacs-server retransmit 3
   RS G8000(config)# tacacs-server timeout 5

LDAP Authentication and Authorization

N/OS supports the LDAP (Lightweight Directory Access Protocol) method to authenticate and authorize remote administrators to manage the switch. LDAP is based on a client/server model. The switch acts as a client to the LDAP server. A remote user (the remote administrator) interacts only with the switch, not the back-end server and database.

LDAP authentication consists of the following components:

- A protocol with a frame format that utilizes TCP over IP
- A centralized server that stores all the user authorization information
- A client: in this case, the switch

Each entry in the LDAP server is referenced by its Distinguished Name (DN). The DN consists of the user-account name concatenated with the LDAP domain name. If the user-account name is John, the following is an example DN:

   uid=John,ou=people,dc=domain,dc=com

Configuring the LDAP Server

G8000 user groups and user accounts must reside within the same domain. On the LDAP server, configure the domain to include G8000 user groups and user accounts, as follows:

- User Accounts:
  Use the uid attribute to define each individual user account.
- User Groups:
  Use the members attribute in the groupOfNames object class to create the user groups. The first word of the common name for each user group must be equal to the user group names defined in the G8000, as follows:
  - admin
  - oper
  - user
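To check which accounts the "Configuring the LDAP Server" rules would place in each G8000 user group, the following added example (not from the IBM manual or N/OS) audits a directory export against the DN format and the first-word group naming rule. The LDIF sample, function names and simplified DN comparison are assumptions; the script accepts both the `members` spelling used in the manual and the `member` attribute of the standard groupOfNames schema, and it reports every matching group because the page does not say how the switch treats an account in several groups.

```python
G8000_GROUPS = ("admin", "oper", "user")   # group names listed in the manual
MEMBER_ATTRS = ("member", "members")       # RFC 4519 name, and the manual's name
# Constructed sample directory export (LDIF); not taken from a real server.
SAMPLE_LDIF = """\
dn: cn=admin core,ou=people,dc=domain,dc=com
objectClass: groupOfNames
cn: admin core
member: uid=John,ou=people,dc=domain,dc=com

dn: cn=oper noc,ou=people,dc=domain,dc=com
objectClass: groupOfNames
cn: oper noc
member: uid=John,ou=people,dc=domain,dc=com
member: uid=Mary,ou=people,dc=domain,dc=com

dn: cn=network-admin,ou=people,dc=domain,dc=com
objectClass: groupOfNames
cn: network-admin
member: uid=Mary,ou=people,dc=domain,dc=com
"""

def user_dn(account, domain_dn):
    """DN = user-account name concatenated with the LDAP domain name."""
    return f"uid={account},{domain_dn}"

def norm(dn):  # simplified comparison key; assumes no escaped commas
    return ",".join(part.strip().lower() for part in dn.split(","))

def parse_ldif(text):
    """Minimal reader: blank-line separated entries of 'attr: value' lines."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            attr, _, value = line.partition(":")
            entry.setdefault(attr.strip().lower(), []).append(value.strip())
        entries.append(entry)
    return entries

def switch_groups(entries, dn):
    """G8000 group names whose LDAP group entry lists dn as a member."""
    matched = set()
    for e in entries:
        if "groupofnames" not in (v.lower() for v in e.get("objectclass", [])):
            continue
        words = e.get("cn", [""])[0].split()
        members = {norm(m) for a in MEMBER_ATTRS for m in e.get(a, [])}
        if words and words[0] in G8000_GROUPS and norm(dn) in members:
            matched.add(words[0])
    return matched
```

In the sample, John matches both admin and oper, while Mary's membership of "network-admin" does not count because the first word of that common name is not one of the three G8000 group names.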
