Dell S50V Switch User Manual


934 | Security
www.dell.com | support.dell.com
Figure 45-5 demonstrates how to configure the access-class from a TACACS+ server. This causes the configured access-class on the VTY line to be ignored. If you have configured a deny10 ACL on the TACACS+ server, FTOS downloads it and applies it. If the user is found to be coming from the 10.0.0.0 subnet, FTOS also immediately closes the Telnet connection. Note that no matter where the user is coming from, they see the login prompt.
Figure 45-5.

Specify a TACACS+ server host

When configuring a TACACS+ server host, you can set different communication parameters, such as the key password.
To specify a TACACS+ server host and configure its communication parameters, use the following command in the CONFIGURATION mode:

Command Syntax: tacacs-server host {hostname | ipv4-address | ipv6-address} [port port-number] [timeout seconds] [key key]
Command Mode: CONFIGURATION
Purpose: Enter the host name or IP address of the TACACS+ server host. Configure the optional communication parameters for the specific host:
  port port-number range: 0 to 65335. Enter a TCP port number. The default is 49.
  timeout seconds range: 0 to 1000. Default is 10 seconds.
  key key: Enter a string for the key. The key can be up to 42 characters long. This key must match a key configured on the TACACS+ server host. This parameter should be the last parameter configured.
If these optional parameters are not configured, the default global values are applied.

To specify multiple TACACS+ server hosts, configure the tacacs-server host command multiple times. If multiple TACACS+ server hosts are configured, FTOS attempts to connect with them in the order in which they were configured.

To view the TACACS+ configuration, use the show running-config tacacs+ command in the EXEC Privilege mode.
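An added example (not from the Dell manual or from FTOS): a Python check that reads saved configuration text, validates each tacacs-server host line against the ranges and key rules listed above, and returns the hosts in the order FTOS will try them. The function name, constants and sample lines are assumptions of this example; only the first sample line is taken from Figure 45-5.

```python
import re

# Limits as printed in the command table above (constants are this example's names).
PORT_RANGE, TIMEOUT_RANGE, MAX_KEY_LEN = (0, 65335), (0, 1000), 42

def audit_tacacs_hosts(config_text):
    """Return (hosts in configured order, findings) for 'tacacs-server host' lines."""
    hosts, findings = [], []
    for lineno, raw in enumerate(config_text.splitlines(), 1):
        # Drop a pasted CLI prompt such as 'FTOS(conf)#' before tokenizing.
        tokens = re.sub(r"^\S*#", "", raw.strip()).split()
        if tokens[:2] != ["tacacs-server", "host"] or len(tokens) < 3:
            continue
        host, opts = tokens[2], tokens[3:]
        hosts.append(host)  # FTOS tries hosts in this order
        for i in range(0, len(opts), 2):
            name = opts[i]
            value = opts[i + 1] if i + 1 < len(opts) else None
            if name not in ("port", "timeout", "key") or value is None:
                findings.append((lineno, host, f"unparsed option '{name}'"))
                break
            if name == "key":
                if len(value) > MAX_KEY_LEN:
                    findings.append((lineno, host, "key longer than 42 characters"))
                if i + 2 < len(opts):
                    findings.append((lineno, host, "key is not the last parameter"))
            else:
                low, high = PORT_RANGE if name == "port" else TIMEOUT_RANGE
                if not value.isdigit() or not low <= int(value) <= high:
                    findings.append((lineno, host, f"{name} '{value}' outside {low}-{high}"))
        if "key" not in opts[0::2]:
            findings.append((lineno, host, "no per-host key; global default applies"))
    return hosts, findings

# Constructed sample input; only the first line is taken from Figure 45-5.
SAMPLE = """\
FTOS(conf)#tacacs-server host 25.1.1.2 key force10
tacacs-server host 192.0.2.10 port 70000 timeout 5
tacacs-server host tac2.example.net key s3cret timeout 2000
"""

if __name__ == "__main__":
    hosts, findings = audit_tacacs_hosts(SAMPLE)
    print("connection order:", " -> ".join(hosts))
    for lineno, host, message in findings:
        print(f"line {lineno}: {host}: {message}")
```
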
FTOS#
FTOS(conf)#
FTOS(conf)#ip access-list standard deny10
FTOS(conf-ext-nacl)#permit 10.0.0.0/8
FTOS(conf-ext-nacl)#deny any
FTOS(conf)#
FTOS(conf)#aaa authentication login tacacsmethod tacacs+
FTOS(conf)#aaa authentication exec tacacsauthorization tacacs+
FTOS(conf)#tacacs-server host 25.1.1.2 key force10
FTOS(conf)#
FTOS(conf)#line vty 0 9
FTOS(config-line-vty)#login authentication tacacsmethod
FTOS(config-line-vty)#authorization exec tacauthor
FTOS(config-line-vty)#
FTOS(config-line-vty)#access-class deny10
FTOS(config-line-vty)#end