Brocade Communications Systems Brocade ICX 6650 User Manual
Brocade ICX 6650 Security Configuration Guide
53-1002601-01
TACACS and TACACS+ security
Setting the TACACS+ key
The key parameter in the tacacs-server command is used to encrypt TACACS+ packets before they
are sent over the network. The value for the key parameter on the Brocade device should match the
one configured on the TACACS+ server. The key can be from 1 – 32 characters in length and cannot
include any space characters.
NOTE
The tacacs-server key command applies only to TACACS+ servers, not to TACACS servers. If you are
configuring TACACS, do not configure a key on the TACACS server and do not enter a key on the
Brocade device.
To specify a TACACS+ server key, enter a command such as the following.
Brocade(config)# tacacs-server key rkwong
Syntax: tacacs-server key [0 | 1] string
When you display the configuration of the Brocade device, the TACACS+ keys are encrypted. For
example.
Brocade(config)# tacacs-server key 1 abc
Brocade(config)# write terminal
...
tacacs-server host 10.2.3.5 auth-port 49
tacacs key 1 $!2d
NOTE
Encryption of the TACACS+ keys is done by default. The 0 parameter disables encryption. The 1
parameter is not required; it is provided for backwards compatibility.
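The following is an added example, not taken from the Brocade guide: it shows how a TACACS+ shared key is applied to a packet body under RFC 8907 (an XOR against a chained MD5 pad), which is why the key on the device must match the one on the server. The function names, session ID and body are constructed for illustration, and it is an assumption that the ICX 6650 follows the RFC scheme.

```python
import hashlib
import struct

def validate_key(key: str) -> None:
    """Apply the limits this guide states: 1 to 32 characters, no spaces."""
    if not 1 <= len(key) <= 32 or " " in key:
        raise ValueError("key must be 1-32 characters with no spaces")

def pseudo_pad(key: bytes, session_id: int, version: int, seq_no: int, length: int) -> bytes:
    """RFC 8907 pad: MD5 blocks chained over session_id, key, version, seq_no."""
    seed = struct.pack("!I", session_id) + key + bytes([version, seq_no])
    pad, prev = b"", b""
    while len(pad) < length:
        # Each block hashes the seed plus the previous block (empty for the first).
        prev = hashlib.md5(seed + prev).digest()
        pad += prev
    return pad[:length]

def transform_body(body: bytes, key: str, session_id: int,
                   version: int = 0xC0, seq_no: int = 1) -> bytes:
    """XOR the body with the pad; the same call obfuscates and de-obfuscates."""
    validate_key(key)
    pad = pseudo_pad(key.encode(), session_id, version, seq_no, len(body))
    return bytes(b ^ p for b, p in zip(body, pad))

# Constructed sample values (not captured traffic).
SESSION_ID = 0x1A2B3C4D
BODY = b"constructed authentication START body, longer than one MD5 block"

def demo():
    """Device sends with key 'rkwong'; server reads with a matching and a mismatched key."""
    wire = transform_body(BODY, "rkwong", SESSION_ID)
    same_key = transform_body(wire, "rkwong", SESSION_ID)
    wrong_key = transform_body(wire, "rkw0ng", SESSION_ID)
    return wire, same_key, wrong_key

if __name__ == "__main__":
    wire, same_key, wrong_key = demo()
    print("on the wire           :", wire.hex())
    print("server, matching key  :", same_key)
    print("server, mismatched key:", wrong_key)
```

RFC 8907 describes this mechanism as obfuscation and notes that it does not provide integrity protection, so the network path carrying TACACS+ traffic should be protected separately.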
Setting the retransmission limit
The retransmit parameter specifies how many times the Brocade device will resend an
authentication request when the TACACS/TACACS+ server does not respond. The retransmit limit
can be from 1 – 5 times. The default is 3 times.
To set the TACACS and TACACS+ retransmit limit, enter a command such as the following.
Brocade(config)# tacacs-server retransmit 5
Syntax: tacacs-server retransmit number
Setting the timeout parameter
The timeout parameter specifies how many seconds the Brocade device waits for a response from
the TACACS/TACACS+ server before either retrying the authentication request, or determining that
the TACACS/TACACS+ server is unavailable and moving on to the next authentication method in the
authentication-method list. The timeout can be from 1 – 15 seconds. The default is 3 seconds.
Brocade(config)# tacacs-server timeout 5
Syntax: tacacs-server timeout number