NEC N8406-022 manual TACACS+ server configuration

Page 62

TACACS+ server configuration

TACACS+ (Terminal Access Controller Access-Control System Plus) is an authentication protocol that allows a network access device (here, the switch) to forward a user's logon credentials to an authentication server, which decides whether access to the switch is allowed. TACACS+ and Remote Authentication Dial-In User Service (RADIUS) are both more secure than the original TACACS protocol, which is described in RFC 1492; TACACS+ itself is specified in RFC 8907.

TACACS+ is more reliable than RADIUS because it runs over the Transmission Control Protocol (TCP), which retransmits lost segments and reports a failed connection, whereas RADIUS runs over the User Datagram Protocol (UDP) and must implement its own retries. RADIUS also combines authentication and authorization in a single user profile, whereas TACACS+ separates the two operations.

TACACS+ offers the following advantages over RADIUS as the authentication protocol:

TACACS+ is TCP-based (default port 49), so it carries connection-oriented traffic.

It protects the entire packet body with a keystream derived from the shared secret, whereas RADIUS hides only the User-Password attribute of an authentication request and sends everything else in the clear. Note that RFC 8907 calls this body protection obfuscation rather than encryption: it is an MD5-based XOR pad with no integrity check, so the shared secret should be long and unique to each switch, and TACACS+ traffic should stay on a protected management network.

It decouples authentication, authorization, and accounting.
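The comparison above is easier to see in code. The following Python module is an added illustration, not code from the NEC manual: it builds a TACACS+ authentication START packet with the RFC 8907 body obfuscation and, beside it, the RFC 2865 User-Password hiding that RADIUS applies to the password attribute alone. The shared secrets, session ID, username and password are made-up sample values.

```python
"""TACACS+ (RFC 8907) body obfuscation next to RADIUS (RFC 2865) User-Password
hiding.  Added example: all keys, session IDs, usernames and passwords are
constructed sample values, not settings from the NEC manual."""
import hashlib
import os
import struct

# TACACS+ constants from RFC 8907.  Version byte = major 0xC, minor 0 -> 0xC0.
TAC_PLUS_VERSION = 0xC0
TAC_PLUS_AUTHEN = 0x01            # packet type: authentication
TAC_PLUS_AUTHEN_LOGIN = 0x01      # START action
TAC_PLUS_AUTHEN_TYPE_PAP = 0x02
TAC_PLUS_AUTHEN_SVC_LOGIN = 0x01
HEADER_LEN = 12                   # version, type, seq_no, flags, session_id, length


def new_session_id() -> int:
    """RFC 8907 asks for a random session_id per session; it is sent in the clear."""
    return int.from_bytes(os.urandom(4), "big")


def tacacs_pad(session_id: int, key: bytes, version: int, seq_no: int, length: int) -> bytes:
    """Keystream of RFC 8907 section 4.5: MD5_1 = MD5(session_id|key|version|seq_no),
    MD5_n = MD5(session_id|key|version|seq_no|MD5_n-1), concatenated to `length`."""
    seed = struct.pack("!I", session_id) + key + bytes([version, seq_no])
    pad, prev = b"", b""
    while len(pad) < length:
        prev = hashlib.md5(seed + prev).digest()
        pad += prev
    return pad[:length]


def tacacs_obfuscate(body: bytes, session_id: int, key: bytes, version: int, seq_no: int) -> bytes:
    """XOR the whole body with the pad; the same call reverses it."""
    pad = tacacs_pad(session_id, key, version, seq_no, len(body))
    return bytes(b ^ p for b, p in zip(body, pad))


def tacacs_authen_start(user: str, password: str, port: str = "tty0", rem_addr: str = "") -> bytes:
    """Authentication START body for a PAP login (RFC 8907 section 5.1)."""
    u, p, r, d = user.encode(), port.encode(), rem_addr.encode(), password.encode()
    fixed = bytes([TAC_PLUS_AUTHEN_LOGIN, 1,           # priv_lvl 1 = user
                   TAC_PLUS_AUTHEN_TYPE_PAP, TAC_PLUS_AUTHEN_SVC_LOGIN,
                   len(u), len(p), len(r), len(d)])
    return fixed + u + p + r + d


def tacacs_packet(body: bytes, session_id: int, key: bytes, seq_no: int = 1) -> bytes:
    """12-byte clear header followed by the obfuscated body, as sent over TCP/49.
    flags = 0 means TAC_PLUS_UNENCRYPTED_FLAG is clear, i.e. the body is obfuscated."""
    header = struct.pack("!BBBBII", TAC_PLUS_VERSION, TAC_PLUS_AUTHEN, seq_no, 0x00,
                         session_id, len(body))
    return header + tacacs_obfuscate(body, session_id, key, TAC_PLUS_VERSION, seq_no)


def tacacs_unpack(packet: bytes, key: bytes) -> bytes:
    """Recover the clear body; everything the pad needs except the key is in the header."""
    version, _ptype, seq_no, _flags, session_id, length = struct.unpack(
        "!BBBBII", packet[:HEADER_LEN])
    body = packet[HEADER_LEN:HEADER_LEN + length]
    return tacacs_obfuscate(body, session_id, key, version, seq_no)


def radius_hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """RFC 2865 section 5.2: only the User-Password attribute is hidden.
    b1 = MD5(secret|RA), c1 = p1 ^ b1, b2 = MD5(secret|c1), c2 = p2 ^ b2, ..."""
    if not 1 <= len(password) <= 128:
        raise ValueError("RADIUS User-Password must be 1..128 octets")
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        b = hashlib.md5(secret + prev).digest()
        c = bytes(x ^ y for x, y in zip(padded[i:i + 16], b))
        out, prev = out + c, c
    return out


def radius_reveal_password(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Inverse of radius_hide_password; trailing NUL padding is stripped."""
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        b = hashlib.md5(secret + prev).digest()
        c = hidden[i:i + 16]
        out, prev = out + bytes(x ^ y for x, y in zip(c, b)), c
    return out.rstrip(b"\x00")


if __name__ == "__main__":
    key = b"s3cret-shared-key"                       # constructed sample secret
    pkt = tacacs_packet(tacacs_authen_start("admin", "hunter2"), new_session_id(), key)
    print("TACACS+ header (clear):", pkt[:HEADER_LEN].hex())
    print("TACACS+ body (obfuscated):", pkt[HEADER_LEN:].hex())
    print("RADIUS User-Password:", radius_hide_password(b"hunter2", b"s3cret", os.urandom(16)).hex())
```

Running it shows the difference the text describes: in the TACACS+ packet the username and password are hidden along with the rest of the body, while the header (including session_id and sequence number) is readable; the RADIUS helper hides only the 16-byte-aligned password field. Both schemes are plain MD5 keystreams, which is why the quality of the shared secret matters as much as the protocol choice.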

The following table describes the TACACS+ Server Configuration commands.

Table 59 TACACS+ Server Configuration commands

[no] tacacs-server host <IP address>
    Defines the primary TACACS+ server address. The no form removes it.
    Command mode: Global configuration

[no] tacacs-server host <IP address> key <1-32 characters>
    Defines the shared secret (1-32 characters) between the switch and the TACACS+ server. The same secret must be configured on the server.
    Command mode: Global configuration

tacacs-server port <TCP port number>
    Sets the TCP port used to reach the TACACS+ server, in the range 1-65000. The default is 49.
    Command mode: Global configuration

tacacs-server retransmit <1-3>
    Sets the number of failed authentication requests before switching to a different TACACS+ server. The range is 1-3 requests; the default is 3 requests.
    Command mode: Global configuration

tacacs-server timeout <4-15>
    Sets the amount of time, in seconds, before a TACACS+ server authentication attempt is considered to have failed. The range is 4-15 seconds; the default is 5 seconds.
    Command mode: Global configuration

[no] tacacs-server telnet-backdoor
    Enables or disables the TACACS+ back door for Telnet. Despite the name, this setting also applies to SSH/SCP connections and to the Browser-based Interface (BBI). It has no effect while the secure back door (secure-backdoor) is enabled.
    Command mode: Global configuration

[no] tacacs-server secure-backdoor
    Enables or disables the TACACS+ back door that uses the secure password for Telnet, SSH, HTTP and HTTPS. It has no effect while the Telnet back door (telnet-backdoor) is enabled.
    Command mode: Global configuration

[no] tacacs-server privilege-mapping
    Enables or disables TACACS+ privilege-level mapping. The default is disabled.
    Command mode: Global configuration

tacacs-server user-mapping <0-15> {user|oper|admin}
    Maps a TACACS+ privilege level to a switch user level. Enter a TACACS+ privilege level (0-15), followed by the corresponding switch user level (user, oper, or admin).
    Command mode: Global configuration

tacacs-server enable
    Enables TACACS+ authentication against the configured server.
    Command mode: Global configuration

no tacacs-server enable
    Disables TACACS+ authentication.
    Command mode: Global configuration

show tacacs-server
    Displays the current TACACS+ configuration parameters.
    Command mode: All
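The commands in Table 59, applied in the order a practitioner would type them. This is an added example in the ISCLI syntax the table describes, not a configuration taken from the NEC manual; the server address 192.0.2.10, the shared secret and the three privilege-level mappings are assumed sample values.

```text
Switch# configure terminal
Switch(config)# tacacs-server host 192.0.2.10
Switch(config)# tacacs-server host 192.0.2.10 key Tac4cs-Sh4red-K3y-0x22
Switch(config)# tacacs-server port 49
Switch(config)# tacacs-server timeout 5
Switch(config)# tacacs-server retransmit 2
Switch(config)# tacacs-server privilege-mapping
Switch(config)# tacacs-server user-mapping 0 user
Switch(config)# tacacs-server user-mapping 1 oper
Switch(config)# tacacs-server user-mapping 15 admin
Switch(config)# no tacacs-server telnet-backdoor
Switch(config)# tacacs-server enable
Switch(config)# show tacacs-server
```

The shared secret is set on the same host line as the server address, so the key line repeats the IP address; it must match the secret configured on the TACACS+ server, and the table limits it to 32 characters. Enable TACACS+ last, after the host, key, port and timeouts are in place, and open a second session to confirm that a TACACS+ user can log in with the expected user level before closing the session that made the change. Both back-door options provide a login path that does not depend on the TACACS+ server and are mutually exclusive, so leave them disabled unless a recovery path is deliberately required. Save the configuration as described in the Saving the configuration section so the settings survive a reset.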


N8406-022 specifications

The NEC N8406-022 is a robust and versatile networking device designed primarily for organizations requiring high-performance connectivity solutions. As part of NEC's extensive portfolio of networking equipment, the N8406-022 is engineered to address the demands of modern enterprise environments, ensuring seamless communication and data processing capabilities.

One of the key features of the N8406-022 is its multi-layer switching functionality. This device supports Layer 2 and Layer 3 switching, allowing for efficient data routing and reducing latency within local area networks (LANs). This capability is particularly beneficial for businesses that rely on real-time data access and transfer, such as those in financial services, media, and telecommunications.

The N8406-022 is equipped with advanced Quality of Service (QoS) features that help prioritize critical network traffic. This means that voice and video data packets can be given precedence over less time-sensitive information, ensuring that essential communication remains clear and uninterrupted. This is crucial for organizations leveraging VoIP and video conferencing solutions.

In terms of connectivity, the NEC N8406-022 offers a variety of ports, including multiple Gigabit Ethernet ports, which facilitate high-speed data transfer and enable seamless integration into existing network infrastructures. The device may also include 10 Gigabit SFP+ ports, providing the flexibility for high-capacity uplinks to support bandwidth-intensive applications and storage solutions.

Security is another focal point of the NEC N8406-022, with integrated features such as VLAN support, access control lists (ACLs), and port security measures. These capabilities protect sensitive data from unauthorized access and ensure that only legitimate users and devices can connect to the network.

Moreover, the N8406-022 often incorporates advanced energy-efficient technologies that minimize power consumption without compromising performance. This not only contributes to operational cost savings but also supports organizations in their sustainability efforts.

With its combination of performance, security, and energy efficiency, the NEC N8406-022 stands out as a reliable networking solution suitable for a wide range of enterprises looking to enhance their connectivity and operational efficiency. Whether deployed in data centers or as part of a corporate network, this device is built to meet the evolving demands of today’s digital landscape.