Chapter 20: Security Configuration Guide

Monitoring RADIUS

You can monitor RADIUS configuration and statistics within the SSR.

To monitor RADIUS, enter the following commands in Enable mode:

Show RADIUS server statistics.

radius

show

stats

 

 

 

 

Show all RADIUS parameters.

radius

show

all

 

 

 

 

Configuring TACACS

In addition, Enable mode access to the SSR can be made secure by enabling a Terminal Access Controller Access Control System (TACACS) client. Without TACACS, TACACS Plus, or RADIUS enabled, only local password authentication is performed on the SSR. The TACACS client provides user name and password authentication for Enable mode. A TACACS server responds to the SSR TACACS client to provide authentication.

You can configure up to five TACACS server targets on the SSR. A timeout is set to tell the SSR how long to wait for a response from TACACS servers.

To configure TACACS security, enter the following commands in the Configure mode:

Specify a TACACS server.

tacacs set server <hostname or IP-addr>

 

 

Set the TACACS time to wait for a

tacacs set timeout <number>

TACACS server reply.

 

 

 

Determine SSR action if no server

tacacs set last-resort passwordsucceed

responds.

 

 

 

Enable TACACS.

tacacs enable

 

 

Monitoring TACACS

You can monitor TACACS configuration and statistics within the SSR.

To monitor TACACS, enter the following commands in Enable mode:

Show TACACS server statistics.

tacacs

show

stats

 

 

 

 

Show all TACACS parameters.

tacacs

show

all

 

 

 

 

SmartSwitch Router User Reference Manual

277

Page 303
Image 303
Cabletron Systems 9032578-05 manual Configuring Tacacs, Monitoring Radius, Monitoring Tacacs