Support User Manuals

Fujitsu XG2000 Switch User Manual

Open as PDF

of 315

XG2000 series User's Guide

56/315

All Rights Reserved, Copyright (C) PFU LIMITED 2009

4.11.3 Configuring RADIUS/TACACS+

To configure RADIUS/TACACS+ authentication, carry out the following procedure.

Command Task

xg# configure terminal

Switch to global configuration mode.

xg(config)# radius-server key KEY

(Optional)

Specifies a global secret key which is used as a

default parameter when RADIUS server is registered

with no key parameter.

xg(config)# tacacs-server key KEY

(Optional)

Specifies a global secret key which is used as a

default parameter when TACACS+ server is

registered with no key parameter.

xg(config)# radius-server timeout <1 – 15>

(Optional)

Specifies the timeout(sec) for authentication requests.

xg(config)# radius-server host HOST [auth-port

PORT] [key KEY]

Register a RADIUS server.

xg(config)# tacacs-server host HOST [key KEY]

Register a TACACS+ server.

xg(config)# aaa authentication login {console |

ssh} {local | radius | tacacs} {local | none}

Set login authentication method.

xg(config)# exit

Exit to administrator EXEC mode.

xg# account user001 class admin

(Optional)

Register the same account for using

RADIUS/TACACS+ authentication on XG2000

XG2000 cannot use an unregistered account.

xg# show radius

Displays the information of RADIUS server

xg# show tacacs

Displays the information of TACACS+ server

xg# show authentication

Displays the setting status of login authentication

method

xg# show account

Lists the all accounts registered in the device.

z It is needed to register RADIUS/TACACS+ user accounts to XG2000 before enabling

RADIUS/TACACS+ authentication. XG2000 does not allow any account except for "admin" for the

default configuration.

z RADIUS/TACACS+ authentication is only available if primary login is RADIUS/TACACS+

authentication and secondary login is disable by "aaa authentication login" command. Any user can

not login XG2000 under RADIUS/TACACS+ authentication is only available if RADIUS/TACACS+

server does not work. It is recommended to test RADIUS/TACACS+ authentication under local

authentication is available.

z XG2000 requests authentication in order of the lists displayed by "show radius", "show tacacs"

command. Up to 4 access requests are transmitted for each RADIUS servers and 1 access for

TACACS+ servers until receiving the reply from the RADIUS/TACACS+ server.

previous next