Enterasys Networks CSX5500 User Guide
USER’S GUIDE
218 CyberSWITCH
If a specific set of parameters is required for a particular device, configure the specific device
independently, either locally (through the on-node device list) or in CSM. The CyberSWITCH will
look at the configured device table first before proceeding to the dynamic device default
configuration. Since the configured device table overrides the default configuration, leave the
dynamic device option enabled, and configure specific devices for exceptional cases only.
independently, either locally (through the on-node device list) or in CSM. The CyberSWITCH will
look at the configured device table first before proceeding to the dynamic device default
configuration. Since the configured device table overrides the default configuration, leave the
dynamic device option enabled, and configure specific devices for exceptional cases only.
TACACS A
UTHENTICATION
S
ERVER
C
ONFIGURING
A
TACACS A
UTHENTICATION
S
ERVER
Note:
In order for the CyberSWITCH to reference the TACACS server, basic IP information must
be configured. If the IP Host mode is not in use, you must also configure the following:
•
be configured. If the IP Host mode is not in use, you must also configure the following:
•
a LAN Network interface must be configured appropriately for the IP network
connected to each LAN port on the system
connected to each LAN port on the system
•
at least one WAN Network Interface must be configured for TACACS to be operable
U
SING
CFGEDIT
1.
Select option (3), TACACS from the Off-node Server Information menu. If you need guidance
to find this menu, refer to the instructions provided in the
to find this menu, refer to the instructions provided in the
configuration section. The following screen will be displayed:
2.
Select (1) Primary Server to enter the following information:
a.
a.
IP address of the Authentication Server
b.
UDP port number used by the Authentication Server
3.
Optional: configure a secondary TACACS Server with selection (2). In the event that the
primary server does not respond to system requests, the secondary server will be queried for
device authentication information. The address of the Secondary Server must not be the same
as the Primary Server.
primary server does not respond to system requests, the secondary server will be queried for
device authentication information. The address of the Secondary Server must not be the same
as the Primary Server.
4.
Select (3) Access Request Retry to finish configuration. Specify the number of access request
retries that the system will send to the Authentication Server, as well as the time between
retries. You may also specify order of the TACACS authentication prompts for access request.
retries that the system will send to the Authentication Server, as well as the time between
retries. You may also specify order of the TACACS authentication prompts for access request.
TACACS Authentication Server Menu:
Primary Server
IP Address is 001.002.003.004
UDP Port Number is 49
IP Address is 001.002.003.004
UDP Port Number is 49
Secondary Server
IP Address is 001.002.003.008
UDP Port Number is 49
IP Address is 001.002.003.008
UDP Port Number is 49
Access Request Retry
Number of Access Retries is 3
Time between Retries is 1 second
TACACS Packet Format is (ID CODE,PIN)
Number of Access Retries is 3
Time between Retries is 1 second
TACACS Packet Format is (ID CODE,PIN)
TACACS Server Configuration Options:
1) Primary Server
2) Secondary Server
3) Access Request Retry
Select function from above or <RET> for previous menu:
1) Primary Server
2) Secondary Server
3) Access Request Retry
Select function from above or <RET> for previous menu: