Support User Manuals

Dell FCX624-S Laptop User Manual

Open as PDF

of 1494

PowerConnect B-Series FCX Configuration Guide 1173

53-1002266-01

Configuring TACACS/TACACS+ security

32

Setting the retransmission limit

The retransmit parameter specifies how many times the Dell PowerConnect device will resend an

authentication request when the TACACS/TACACS+ server does not respond. The retransmit limit

can be from 1 – 5 times. The default is 3 times.

To set the TACACS/TACACS+ retransmit limit, enter a command such as the following.

PowerConnect(config)#tacacs-server retransmit 5

Syntax: tacacs-server retransmit <number>

Setting the timeout parameter

The timeout parameter specifies how many seconds the Dell PowerConnect device waits for a

response from the TACACS/TACACS+ server before either retrying the authentication request, or

determining that the TACACS/TACACS+ server is unavailable and moving on to the next

authentication method in the authentication-method list. The timeout can be from 1 – 15 seconds.

The default is 3 seconds.

PowerConnect(config)#tacacs-server timeout 5

Syntax: tacacs-server timeout <number>

Configuring authentication-method lists for

TACACS/TACACS+

You can use TACACS/TACACS+ to authenticate Telnet/SSH access and access to Privileged EXEC

level and CONFIG levels of the CLI. When configuring TACACS/TACACS+ authentication, you create

authentication-method lists specifically for these access methods, specifying TACACS/TACACS+ as

the primary authentication method.

Within the authentication-method list, TACACS/TACACS+ is specified as the primary authentication

method and up to six backup authentication methods are specified as alternates. If

TACACS/TACACS+ authentication fails due to an error, the device tries the backup authentication

methods in the order they appear in the list.

When you configure authentication-method lists for TACACS/TACACS+ authentication, you must

create a separate authentication-method list for Telnet/SSH CLI access, and for access to the

Privileged EXEC level and CONFIG levels of the CLI.

To create an authentication method list that specifies TACACS/TACACS+ as the primary

authentication method for securing Telnet/SSH access to the CLI.

PowerConnect(config)#enable telnet authentication

PowerConnect(config)#aaa authentication login default tacacs local

The commands above cause TACACS/TACACS+ to be the primary authentication method for

securing Telnet/SSH access to the CLI. If TACACS/TACACS+ authentication fails due to an error with

the server, authentication is performed using local user accounts instead.

To create an authentication-method list that specifies TACACS/TACACS+ as the primary

authentication method for securing access to Privileged EXEC level and CONFIG levels of the CLI.

PowerConnect(config)#aaa authentication enable default tacacs local none

previous next