Cabletron Systems CSX1000 User Manual
USER’S GUIDE
184 CyberSWITCH
3.
Optional: configure a secondary TACACS Server with selection (2). In the event that the
primary server does not respond to system requests, the secondary server will be queried for
device authentication information. The address and port number of the Secondary Server must
not be the same as the Primary Server.
primary server does not respond to system requests, the secondary server will be queried for
device authentication information. The address and port number of the Secondary Server must
not be the same as the Primary Server.
4.
Select (3) Access Request Retry to finish configuration. Specify the number of access request
retries that the system will send to the Authentication Server, as well as the time between
retries. You may also specify order of the TACACS authentication prompts for access request.
retries that the system will send to the Authentication Server, as well as the time between
retries. You may also specify order of the TACACS authentication prompts for access request.
U
SING
M
ANAGE
M
ODE
C
OMMANDS
tacacs
Displays the current TACACS off-node server configuration data.
tacacs change
Allows you to change the current TACACS off-node server configuration data. After entering
the
the
tacacs change
command, you will be prompted for the configuration elements you
want to change.
TACACS A
UTHENTICATION
S
ERVER
C
ONFIGURATION
E
LEMENTS
IP A
DDRESS
The IP address in dotted decimal notation for the TACACS Server.
UDP P
ORT
N
UMBER
The UDP port number used by the TACACS Server. The default value of 49 is almost always used.
N
UMBER
OF
A
CCESS
R
EQUEST
R
ETRIES
The number of Access Request Retries that the system will send to the TACACS Server. The initial
default value is 3. The acceptable range is from 0 to 32,767.
default value is 3. The acceptable range is from 0 to 32,767.
T
IME
BETWEEN
A
CCESS
R
EQUEST
R
ETRIES
The time between Access Request Retries sent from the system. The initial default value is 1 second.
The acceptable range is from 1 to 10,000.
The acceptable range is from 1 to 10,000.
TACACS
PACKET
FORMAT
The TACACS format for device authentication. The default format is ID code, PIN.
TACACS A
UTHENTICATION
S
ERVER
B
ACKGROUND
I
NFORMATION
The Terminal Access Controller Access Control System (TACACS) is a database supported by the
CyberSWITCH. TACACS operates using two components: client code and server code. TACACS
server software is installed on a UNIX-based system connected to the CyberSWITCH network. The
client protocols allow the system to communicate with the TACACS server, ultimately
authenticating devices.
CyberSWITCH. TACACS operates using two components: client code and server code. TACACS
server software is installed on a UNIX-based system connected to the CyberSWITCH network. The
client protocols allow the system to communicate with the TACACS server, ultimately
authenticating devices.
The following is a typical scenario if the TACACS Server is activated: with user level security, a
remote user will Telnet into a specified system port for user authentication. The system, in turn, will
send an access request to the primary TACACS Server. After the configured time interval the
remote user will Telnet into a specified system port for user authentication. The system, in turn, will
send an access request to the primary TACACS Server. After the configured time interval the