Configuring Tacacs

TACACS and TACACS+ security

When you paste commands into the running-config, and AAA command authorization or accounting, or both, are configured on the device, AAA operations are performed on the pasted commands. The AAA operations are performed before the commands are actually added to the running-config. The server performing the AAA operations should be reachable when you paste the commands into the running-config file. If the device determines that a pasted command is invalid,

AAAoperations are halted on the remaining commands. The remaining commands may not be executed if command authorization is configured.

TACACS/TACACS+ configuration considerations

•You must deploy at least one TACACS/TACACS+ server in your network.

•Brocade devices support authentication using up to eight TACACS/TACACS+ servers. The device tries to use the servers in the order you add them to the device configuration.

•You can select only one primary authentication method for each type of access to a device (CLI through Telnet, CLI Privileged EXEC and CONFIG levels). For example, you can select TACACS+ as the primary authentication method for Telnet CLI access, but you cannot also select RADIUS authentication as a primary method for the same type of access. However, you can configure backup authentication methods for each access type.

•You can configure the Brocade device to authenticate using a TACACS or TACACS+ server, not both.

Follow the procedure given below for TACACS configurations.

1.Identify TACACS servers. Refer to “Identifying the TACACS/TACACS+ servers” on page 31.

2.Set optional parameters. Refer to “Setting optional TACACS and TACACS+ parameters” on page 32.

3.Configure authentication-method lists. Refer to “Configuring authentication-method lists for TACACS and TACACS+” on page 34.